|Description||This article describes how to configure a FortiAnalyzer to use an externally signed local certificate for OFTP connection between FortiGate and FortiAnalyzer, for log transmission purposes.|
1) Generate a Certificate Signing Request from FortiAnalyzer.
2) Enter the relevant information in the CSR request. It is mandatory to enter the FortiAnalyzer Serial Number into the Domain Name parameter if certificate validation is enabled on FortiGate:
3) Download the CSR generated:
4) To generate the certificate, sign the CSR with either the public CA or the private CA. In this demo, FortiAuthenticator is used as the CA server:
5) After signing the CSR, export and download the certificate generated:
6) In FortiAnalyzer, import the signed certificate:
7) The certificate status will change from Pending to OK once the certificate is uploaded correctly:
8) Once the certificate has been imported, configure the use of the local certificate in the CLI and restart the OFTP daemon:
# config system certificate oftp
set mode local
set local "FAZ_SSL"
# diag test app oftpd 99
9) In FortiGate, import the CA certificate if a private CA was used.
In this case, the FortiAuthenticator CA certificate used to sign the CSR is imported:
10) Validate the connection status in the FortiGate:
11) To perform verification in the FortiGate CLI, run the following command:
Technical Tip : Adding SAN(Subject Alternative Name) while generating CSR(Certificate Signing Reques...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.