DescriptionThis article describes how to sign a CSR on FortiAuthenticator. FortiAuthenticator can be used to sign a Certificate Sign Request (CSR) generated by other device like a
FortiGate.
Solution1.
First, a Certificate Authority(CA) is required to sign certificates.
a. Go
to Certificate Management > Certificate Authorities >
Local CAs then create a new root CA.
2.
In
order to sign a CSR go to Certificate Management > End Entities > Users
and select Import.
a. Select
the CA created.
b. A Subject Alternative Name can be specified. Note that FortiAuthenticator only supports E-Mail
and User Principal Name(UPN).
Note: If a CSR is imported with a Subject
Alternative Name as DNS or other fields, which is signed by the
FortiAuthenticator. Those fields (Subject Alternative Name) will be deleted.
Try to sign those CSR with other CA.
c. Also,
the propose of this certificate can be selected, add the key usages needed.
3.
After
sign the cert, it may be downloaded.
