FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pbangari
Staff
Staff
Article Id 211856
Description

 

This article describes that tarting FortiOS v7.0.2, the certificate wizard helps to generate local certificates using the self-signed Fortinet_CA_SSL CA certificate.

 

Scope

 

This helps to fix the certificate errors for HTTPS or GUI access to FortiGate or for the SSL-VPN portal.

 

Note.

FortiGate can generate a certificate using our self-signed CA: Fortinet_CA_SSL.

Using a server certificate from a trusted CA is strongly recommended.

 

Solution

 

Below are the steps to generate the certificate and call it under system settings for HTTPS setting:

 

Go to: System ->  Certificates ->  Create/Import -> Certificate.

 

pbangari_1-1652343958831.png

 

Under the 'Generate New Certificate' and select 'Generate Certificate'.

 

pbangari_2-1652343984672.png

 

Certificate authority          : Fortinet_CA_SSL  (pre-populated)

Certtificate name              : mycert (can be of your choice)

Common name                    : 10.40.19.77 (The common name should match the FQDN or IP of the interface)

SAN (Subject Alternative Name) : 10.40.19.77  (FQDN or IP of the interface)

 

To avoid certificate warnings on the end user machine, must download Fortinet_CA_SSL CA certificate and install it on end user machine.

 

pbangari_3-1652344009926.png

 

Select 'Create', then it will be possible to find the certificate 'mycert' under the 'local certificate'.

It is possible to call this cert 'mycert' under System -> Settings -> Administration Settings -> HTTPS server certificate.

 

Download the Fortinet_CA_SSL CA certificate and install it on the user machine’s certificate store and browser as Trusted Root CA.

If the user tries to access the FortiGate, a 'Not secure' certificate error should not appear.

 

pbangari_4-1652344050437.png