This article describes how, starting with FortiOS v7.0.2, the certificate wizard can generate local certificates signed by the self-signed Fortinet_CA_SSL CA certificate.
This helps to fix the certificate errors for HTTPS or GUI access to FortiGate or for the SSL-VPN portal.
Note.
FortiGate can generate a certificate using our self-signed CA: Fortinet_CA_SSL.
Using a server certificate from a trusted CA is strongly recommended.
Below are the steps to generate the certificate and select it under System Settings as the HTTPS server certificate:
Go to: System -> Certificates -> Create/Import -> Certificate.
Under 'Generate New Certificate', select 'Generate Certificate'.
Certificate authority : Fortinet_CA_SSL (pre-populated)
Certificate name : mycert (can be of your choice)
Common name : 10.40.19.77 (The common name should match the FQDN or IP of the interface)
SAN (Subject Alternative Name) : 10.40.19.77 (FQDN or IP of the interface)
To avoid certificate warnings on the end-user machine, download the Fortinet_CA_SSL CA certificate and install it on that machine.
Select 'Create'. The certificate 'mycert' then appears under the 'local certificate'.
Select 'mycert' under System -> Settings -> Administration Settings -> HTTPS server certificate.
Download the Fortinet_CA_SSL CA certificate and install it on the user machine’s certificate store and browser as Trusted Root CA.
When the user then accesses the FortiGate, a 'Not secure' certificate error should no longer appear.
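The steps above depend on two conditions: the SAN lists the address the browser connects to, and the client trusts the issuing CA. The following added example (not Fortinet code) builds lab stand-ins with openssl and checks both the way a client does. The names lab_ca, other_ca, cn_only and fw.lab.example are constructed for the lab; only 10.40.19.77 and mycert come from the steps.

```shell
#!/usr/bin/env bash
# Lab stand-ins only: "lab_ca" plays Fortinet_CA_SSL, "mycert" plays the
# generated local certificate. Nothing here touches a real FortiGate.
WORK=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
  > "$WORK/lab.cnf"

# make_ca <name>: self-signed CA certificate and key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/lab.cnf" \
    -extensions ca -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf <ca> <name> <common-name> <san>: server certificate signed by <ca>
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/lab.cnf" -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'subjectAltName=%s\n' "$4" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$2.ext" -out "$WORK/$2.crt" 2>/dev/null
}

# check_cert <ca> <leaf> <ip>: succeeds only if the leaf chains to the CA and
# its SAN lists the IP the client connects to (the CN is not consulted for IPs).
check_cert() {
  openssl verify -CAfile "$WORK/$1.crt" -verify_ip "$3" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca lab_ca
make_ca other_ca                                         # a CA the client was never given
make_leaf lab_ca mycert 10.40.19.77 IP:10.40.19.77       # CN and SAN as in the steps
make_leaf lab_ca cn_only 10.40.19.77 DNS:fw.lab.example  # constructed: IP only in the CN

report() { if check_cert "$1" "$2" "$3"; then echo "OK   $4"; else echo "FAIL $4"; fi; }
report lab_ca   mycert  10.40.19.77 "trusted CA, SAN matches"
report lab_ca   mycert  10.40.19.78 "reached on an address not in the SAN"
report lab_ca   cn_only 10.40.19.77 "IP present in CN only"
report other_ca mycert  10.40.19.77 "issuing CA not installed on the client"
```

Against a live unit, the equivalent check is `openssl s_client -connect 10.40.19.77:443 -CAfile <downloaded Fortinet_CA_SSL certificate in PEM form> -verify_ip 10.40.19.77 -verify_return_error`, assuming the GUI listens on port 443.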
Copyright 2024 Fortinet, Inc. All Rights Reserved.