aamin
Staff
Description

This article describes how to generate a self-signed certificate from the GUI for internal use.
Scope  
Solution

FortiGate can generate a certificate signed by its own self-signed CA: Fortinet_CA_SSL.

Using a server certificate from a trusted CA is strongly recommended.


Follow the steps below to generate a self-signed certificate.

 

1) Go to System -> Certificates and select 'Create / Import'.



Select 'Certificate'.

 



2) Select the option to generate the certificate.

 


 

3) Once the dialog opens, fill in the details as required.

 

aamin_0-1638536557956.png

 

Ensure that the Common Name and Subject Alternative Name are the ones that will be used to access the FortiGate or captive portal.

 

If the unit is to be accessed by IP address, enter that IP address in these fields.


To use a domain name in these fields, a DNS record must be created on the local DNS server so that the name resolves to this IP.

 

To redirect users to the captive portal FQDN instead of the IP address, use the command below.


# config firewall auth-portal
    set portal-addr "fortinet-portal.company.abc"
end

 

Ensure that the CA certificate is downloaded, as shown in the above screenshot, to avoid certificate errors.

 

This can be pushed to clients using Windows AD GPO.
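
A check for the name requirement above, as an added example that is not part of the original article: it tests whether the host a user types (FQDN or IP) is covered by the certificate's Subject Alternative Name, using the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The management IP `192.0.2.1`, the CA file name and the sample certificates are constructed assumptions; `fetch_cert` needs network access to the unit.

```python
import ipaddress
import socket
import ssl

def dns_matches(pattern, host):
    """Exact match, or one wildcard in the leftmost label only."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, access_host):
    """True if the host typed into the browser appears in the SAN.

    The Common Name is deliberately not consulted (current browsers ignore
    it), and an IP address only matches an IP-type SAN entry.
    """
    san = cert.get("subjectAltName", ())
    try:
        wanted = ipaddress.ip_address(access_host)
    except ValueError:
        return any(k == "DNS" and dns_matches(v, access_host) for k, v in san)
    return any(k == "IP Address" and ipaddress.ip_address(v.strip()) == wanted
               for k, v in san)

def fetch_cert(host, port=443, ca_file="Fortinet_CA_SSL.cer"):
    """Fetch the live certificate, trusting only the CA file downloaded
    from the FortiGate (file name is an assumption)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # chain is still verified; cert_covers checks names
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in the dict shape returned by getpeercert().
PORTAL = "fortinet-portal.company.abc"   # FQDN from the portal-addr setting
MGMT_IP = "192.0.2.1"                    # placeholder management IP
CERT_FQDN_ONLY = {"subject": ((("commonName", PORTAL),),),
                  "subjectAltName": (("DNS", PORTAL),)}
CERT_CN_ONLY = {"subject": ((("commonName", MGMT_IP),),)}
CERT_BOTH = {"subject": ((("commonName", PORTAL),),),
             "subjectAltName": (("DNS", PORTAL), ("IP Address", MGMT_IP))}

if __name__ == "__main__":
    for name, cert in [("fqdn-only", CERT_FQDN_ONLY), ("cn-only", CERT_CN_ONLY),
                       ("fqdn+ip", CERT_BOTH)]:
        print(name, {h: cert_covers(cert, h) for h in (PORTAL, MGMT_IP)})
```

A certificate that carries the IP only in the Common Name, or as a DNS-type SAN entry, fails the check for IP access, which is the case that produces browser name-mismatch errors even when the CA is trusted.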

 

The certificate for the captive portal can be set in User & Authentication -> Authentication Settings.

 


 

To apply it to the FortiGate admin login, go to System -> Settings -> Administration Settings -> HTTPS Server Certificate.

 


 

 
