Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
adimailig
Staff & Editor
Staff & Editor

Created on ‎11-21-2023 10:11 PM Edited on ‎10-27-2025 03:36 AM By Community Manager

Article Id 285479

Technical Tip: Creating ACME Certificates via CLI on Multiple VDOMs

Description

 

This article describes how to create an ACME Certificate using CLI on a Multi-VDOM setup.

 

Scope

 

FortiGate.

 

Solution

 

For the requirements on setting up ACME, refer to:

Automatically provision a certificate

On a multi-VDOM FortiGate, ACME is currently only supported on global certificates. It is not possible to configure or deploy this under a specific VDOM.


See sample configuration using CLI on Multi-VDOM:


config global
    config certificate local
        edit "acme-test"
            set enroll-protocol acme2
            set acme-domain "fg.test-domain.com"
            set acme-email "test-email@fortinet.com"
        next
    end
    config system acme
        set interface "External_Interface"
    end

end

 

Make sure that the external interface is part of the management VDOM. Otherwise, it will not be possible to choose it in a global VDOM for an ACME certificate configuration.

 

acme2.PNG

 

acme1.PNG
Note: This feature can be requested by raising a New Feature Request (NFR). Requesting a feature can be performed only through the local sales representative: Contact Us. 

3235
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.