Created on 12-30-2021 04:13 AM Edited on 06-06-2022 11:42 AM By Anonymous
Description | This article describes how to use the external CA certificate on FortiGate for the communication between the FortiGate and FortiManager. |
Scope | FortiGate |
Solution |
An external CA certificate can be used for the TLS communication between the FortiGate and FortiManager on port 541.
1) First, generate a CSR on the FortiGate and have it signed by the external CA.
2) Next, import the certificate onto the FortiGate; the local and remote CA certificates are imported separately.
3) Then go to the CLI and run the following commands:
# config system central-management
Note:
1) It is not necessary to add the certificate to the trust list of the FortiManager, or vice versa, if the same external CA signs the certificates for both units.
2) The set ca-cert option is available only on FortiGate versions above 6.4. |
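Note 1 depends on both units' certificates chaining to the same external CA, which can be confirmed before import. The following is an added example, not Fortinet's code: it runs on an admin workstation with OpenSSL rather than on FortiOS, and every CA, subject and file name in it is constructed for the demo.

```shell
#!/bin/sh
# Added example, run on an admin workstation with OpenSSL (not on FortiOS).
# Every name, subject and file here is constructed for the demo.

# chains_to_ca CA_PEM CERT_PEM: succeeds only if CERT_PEM verifies against CA_PEM.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# same_external_ca CA_PEM CERT_A CERT_B: both device certs must chain to the one CA.
same_external_ca() {
    chains_to_ca "$1" "$2" && chains_to_ca "$1" "$3"
}

# make_ca DIR NAME: self-signed CA standing in for the external CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# sign_device DIR CA NAME: create a key and CSR for NAME, then have CA sign it.
sign_device() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# build_demo_pki DIR: two units signed by the same CA, one by a different CA.
build_demo_pki() {
    make_ca "$1" external-ca && make_ca "$1" other-ca &&
    sign_device "$1" external-ca fgt-demo &&
    sign_device "$1" external-ca fmg-demo &&
    sign_device "$1" other-ca fmg-wrong-ca
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
if same_external_ca "$demo_dir/external-ca.pem" "$demo_dir/fgt-demo.pem" "$demo_dir/fmg-demo.pem"; then
    echo "fgt-demo + fmg-demo: both chain to external-ca"
fi
if ! same_external_ca "$demo_dir/external-ca.pem" "$demo_dir/fgt-demo.pem" "$demo_dir/fmg-wrong-ca.pem"; then
    echo "fgt-demo + fmg-wrong-ca: not signed by the same CA"
fi
rm -rf "$demo_dir"
```

With real files, only `chains_to_ca` and `same_external_ca` are needed: pass the external CA's PEM and the two signed device certificates.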
References |
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/645186/generating-a-csr-on-a-fortigate
|