FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to use the external CA certificate on FortiGate for the communication between the FortiGate and FortiManager.
Scope
FortiGate
Solution
It is possible to use the external CA certificate for the TLS communication between the Fortigate and Fortimanager on port 541.
1) First, generate a CSR on the FortiGate and get that signed by the external CA.
2) Now, import the certificate onto the FortiGate, where local and remote CA certificates will be imported separately.
3) Further on, you need to go to the CLI and run the following commands:
# config system central-managemen set local-cert 'define the certificate you need to use {string} set ca-cert 'define the external root CA' {user}.
Note.
1) It is not necessary to add the certificate to the trust list of Fortimanager or vice versa if the External CA signing the certificate for both the units is the same.
2) This feature to use set ca-cert is above the 6.4 version of FortiGate only.
