FortiGate
pbangari
Staff
Article Id 240930
Description

This article describes an issue that occurs when a server certificate is used for GUI or HTTPS access to FortiGate(s) in an HA setup.

When a custom server certificate is used for GUI or HTTPS access to FortiGate, this configuration is synced to the other members of the cluster as well.

Each cluster member is reached through its own FQDN or IP address. If the certificate has only one FQDN or IP address as the CN (Common Name), accessing a FortiGate through any other FQDN or IP address results in a CN mismatch (invalid certificate error).

Scope

FortiOS.

Solution

Example:

If the FortiGate access details are as below:

FortiGate-1: FQDN fortigate1.xyz.com (192.168.1.1) and FortiGate-2: FQDN fortigate2.xyz.com (192.168.1.2)

It is possible to use a wildcard certificate with the FQDN *.xyz.com, or a certificate with both FQDNs added as CN. Either certificate is valid for both FortiGates in HA.
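The following added example (not Fortinet code) checks, before a certificate is installed on the cluster, which HA access addresses its names would fail to cover. It uses the hostnames and IPs from the example above and assumes standard TLS name matching: a wildcard stands for exactly one label and never matches an IP address; the function names are illustrative.

```python
import ipaddress

# Access addresses of the two HA members from the example above.
HA_ADDRESSES = ["fortigate1.xyz.com", "192.168.1.1",
                "fortigate2.xyz.com", "192.168.1.2"]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(cert_name, address):
    """True if one certificate name (CN or SAN entry) covers the address used to reach the GUI."""
    cert_name = cert_name.lower().rstrip(".")
    address = address.lower().rstrip(".")
    if _is_ip(cert_name) or _is_ip(address):
        # IP addresses must match exactly; a wildcard never covers an IP.
        return (_is_ip(cert_name) and _is_ip(address)
                and ipaddress.ip_address(cert_name) == ipaddress.ip_address(address))
    c_labels, a_labels = cert_name.split("."), address.split(".")
    if len(c_labels) != len(a_labels):
        return False  # "*" stands for exactly one label
    if c_labels[0] == "*":
        return len(c_labels) > 2 and c_labels[1:] == a_labels[1:]
    return c_labels == a_labels


def uncovered_members(cert_names, addresses=HA_ADDRESSES):
    """Return the access addresses that would raise a name-mismatch error."""
    return [a for a in addresses
            if not any(name_matches(n, a) for n in cert_names)]


if __name__ == "__main__":
    candidates = {
        "single CN": ["fortigate1.xyz.com"],
        "wildcard": ["*.xyz.com"],
        "both FQDNs and IPs": HA_ADDRESSES,
    }
    for label, names in candidates.items():
        print(f"{label}: mismatch on {uncovered_members(names) or 'none'}")
```

The wildcard covers both FQDNs but not access by IP address, so members reached by IP still need those addresses listed in the certificate.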
