Description: This article describes how to configure a FortiAnalyzer to use an externally signed local certificate for the OFTP connection between FortiGate and FortiAnalyzer, for log transmission purposes.
Scope: FortiAnalyzer, FortiGate.
Solution:
1) Generate a Certificate Signing Request from FortiAnalyzer.
2) Enter the relevant information in the CSR. It is mandatory to enter the FortiAnalyzer Serial Number into the Domain Name parameter if certificate validation is enabled on FortiGate:
3) Download the CSR generated:
4) To generate the certificate, sign the CSR with either the public CA or the private CA. In this demo, FortiAuthenticator is used as the CA server:
5) After signing the CSR, export and download the certificate generated:
6) In FortiAnalyzer, import the signed certificate:
7) The certificate status will change from Pending to OK once the certificate is uploaded correctly:
8) Once the certificate has been imported, configure the use of the local certificate in the CLI and restart the OFTP daemon:
# config system certificate oftp
    set mode local
    set local "FAZ_SSL"
end
# diag test app oftpd 99
9) In FortiGate, import the CA certificate if a private CA was used. In this case, the FortiAuthenticator CA certificate used to sign the CSR is imported:
10) Validate the connection status in the FortiGate:
11) To perform verification in the FortiGate CLI, run the following command:
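Before importing the CA into FortiGate (step 9), it is worth checking the signed certificate against the two things FortiGate will judge when certificate validation is enabled: that it chains to the CA, and that its subject CN carries the FortiAnalyzer serial number (step 2). The script below is an added example, not Fortinet's code or the FortiGate command referred to above; it assumes openssl is installed, and the file names and the serial "FAZ-VM0000000001" are constructed for the lab fixture.

```shell
#!/bin/sh
# check_oftp_cert CA_PEM CERT_PEM EXPECTED_SERIAL
# Returns 0 when the certificate is usable for the OFTP connection, 1 otherwise.
check_oftp_cert() {
    ca="$1"; cert="$2"; expected_serial="$3"
    # 1. Chain check: the leaf must verify against the CA that FortiGate will import.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # 2. Subject CN must equal the FortiAnalyzer serial number (Domain Name in the CSR).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null \
         | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$expected_serial" ] || return 1
    # 3. Certificate must remain valid for at least 30 days (2592000 s).
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 || return 1
    return 0
}

# Constructed lab fixture: a throwaway private CA (standing in for the
# FortiAuthenticator CA of step 4) signs a CSR whose CN is the serial number.
make_fixture() {
    dir="$1"; serial="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.pem" -subj "/CN=Lab CA" -days 365 >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/faz.key" \
        -out "$dir/faz.csr" -subj "/CN=$serial" >/dev/null 2>&1
    openssl x509 -req -in "$dir/faz.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/faz.pem" -days 365 >/dev/null 2>&1
}

# Stand-alone use: ./check_oftp_cert.sh ca.pem faz.pem FAZ-SERIAL
if [ "$#" -eq 3 ]; then
    check_oftp_cert "$1" "$2" "$3" && echo "OK: certificate usable for OFTP" \
        || echo "FAIL: chain, CN or validity check failed"
fi
```

A CN that does not match the serial, or a leaf signed by a CA other than the one imported into FortiGate, fails the check just as the FortiGate validation would.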
Copyright 2023 Fortinet, Inc. All Rights Reserved.