This article describes how to configure ACME certificate support when the same port is also used for SSL VPN.
ACME certificate support
When ACME certificate support is configured, select an interface that will receive and reply to ACME connections. Usually, this port will be the same as the SSL-VPN port.
However, if the 'Redirect HTTP to SSL-VPN' setting is enabled, it will not be possible to select the same port for the ACME interface, and it will not be possible to move forward. If this is the case, it will be necessary to disable the 'Redirect HTTP to SSL-VPN' setting in the SSL VPN settings to be able to use the same port for SSL VPN and ACME. Nevertheless, the restrictions mentioned in the Fortinet documentation linked above still apply:
Regularly Monitor ACME & Certificates: Ensure that the ACME process is running smoothly and that certificates are being renewed before expiration. Set up alerts or reminders for certificate expiry dates.
Backup Configuration: Always back up the configuration before making changes. This action provides a safety net in case something goes wrong.
Review Security Settings: Periodically review the security settings on the ACME and SSL-VPN interfaces. Ensure they conform to the latest best practices and recommendations.
Stay Updated: Fortinet, like many vendors, frequently releases updates and patches. Ensure the device is updated to benefit from the latest features and security patches.
Integrating ACME certificate support with SSL VPN on a FortiGate device provides an automated certificate management solution, essential for maintaining secure remote access. By understanding the intricacies of the setup and adhering to best practices, administrators can ensure a seamless and secure user experience.
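The same-port conflict described above can be checked against a configuration backup before the change is made. The following is an added example, not part of the original article or Fortinet's own tooling: it assumes the FortiOS CLI names `https-redirect` and `source-interface` under `config vpn ssl settings`, and the function names and sample backup are constructed for illustration.

```python
import shlex

# Constructed excerpt of a FortiGate configuration backup (sample data, not from the article).
SAMPLE_BACKUP = """
config vpn ssl settings
    set https-redirect enable
    set port 443
    set source-interface "wan1" "wan2"
    config authentication-rule
        edit 1
            set source-interface "dmz"
        next
    end
end
config system acme
end
"""


def top_level_settings(config_text, block):
    """Collect 'set' lines that sit directly inside 'config <block>'."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw)
        except ValueError:  # multi-line quoted value (e.g. an embedded certificate)
            continue
        if not words:
            continue
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words[1:]))
        elif words[0] in ("end", "next") and stack:
            stack.pop()
        elif words[0] == "set" and stack == [block] and len(words) > 1:
            settings[words[1]] = words[2:]
    return settings


def acme_preflight(config_text, acme_interface):
    """Return blocking findings for using acme_interface as the ACME interface."""
    ssl = top_level_settings(config_text, "vpn ssl settings")
    findings = []
    shares_port = acme_interface in ssl.get("source-interface", [])
    # Assumption: an absent https-redirect line means the default, disabled.
    redirect_on = ssl.get("https-redirect", ["disable"]) == ["enable"]
    if shares_port and redirect_on:
        findings.append(
            f"{acme_interface}: disable 'Redirect HTTP to SSL-VPN' "
            "(https-redirect) before selecting it for ACME")
    return findings
```

An empty list from `acme_preflight` means the redirect setting does not block selecting that interface for ACME.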