FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sharmaj
Staff
Staff
Description This article describes how to use the external CA certificate on FortiGate for the communication between the FortiGate and FortiManager.
Scope  
Solution

It is possible to use the external CA certificate for the TLS communication between the Fortigate and Fortimanager on port 541.

 

 

1) First, generate a CSR on the FortiGate and get that signed by the external CA.

 

2) Now, import the certificate onto the FortiGate, where local and remote CA certificates will be imported separately.

 

3) Further on, you need to go to the CLI and run the following commands:

 

# config system central-managemen
    set local-cert 'define the certificate you need to use {string}
    set ca-cert 'define the external root CA' {user}.

 

Note.

 

1) It is not necessary to add the certificate to the trust list of Fortimanager or vice versa if the External CA signing the certificate for both the units is the same.

 

2) This feature to use set ca-cert is above the 6.4 version of FortiGate only.

References

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/645186/generating-a-csr-on-a-fortigate

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-generate-CSR-and-export-it-with-pri...

 

https://docs.fortinet.com/document/fortigate/6.4.8/cli-reference/84620/config-system-central-managem...

Contributors