| Description | This article describes how to use a self-signed certificate, issued by FortiAuthenticator as its own Certificate Authority (CA), to securely access the FortiAuthenticator GUI. |
| Scope | FortiAuthenticator. |
| Solution |
The first step is to create a local CA in the FortiAuthenticator. Navigate to Certificate Management -> Certificate Authorities -> Local CAs -> Create New.
The next step is to navigate to Certificate Management -> End Entities -> Local Services -> Create New.
The Certificate Authority should be the one that was created earlier. The DNS option under 'Subject Alternative Name' should be added with the URL. See the screenshot below for an example.
The final step is to map the certificate for GUI access. Navigate to System -> Administration -> System Access.
Select the HTTPS Certificate to be fortiauth_gui (as seen in the screenshot). The Certificate Authority Type should be Local CA and the CA certificate that issued the server certificate will be the local CA that we created first. The web server will restart once the changes are saved.
FortiAuthenticator will now use the self-signed certificate when being accessed via the GUI. |
