caunon
Staff
Article Id 424996
Description

This article describes how to handle a situation where the 'Fortinet_Factory' certificate shows 'CN = FortiGate' under Subject: on FortiGate AWS PAYG (Pay-As-You-Go) instances after deployment.

Scope

FortiGate AWS PAYG.

Solution
  1. After deploying FortiGate on AWS PAYG, check 'Fortinet_Factory' on the FortiGate with the following CLI command:

FGT # get vpn certificate local details | grep Fortinet_Factory -A6
== [ Fortinet_Factory ]
        Name:        Fortinet_Factory
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FortiGate, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = fortinet-subca2001, emailAddress = support@fortinet.com
        Valid from:  2023-08-28 04:05:33  GMT
        Valid to:    2056-05-26 20:48:33  GMT
        Fingerprint: 6D:A3:44:D1:93:49:09:5F:4E:3B:58:E8:01:7E:7C:6D:E1:66:22:F2:75:B5:6E:97:F5:72:3B:A7:AF:32:9A:18
        Serial Num:  02:4d:07:3c
== [ Fortinet_Factory_Backup ]
        Name:        Fortinet_Factory_Backup
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FortiGate, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com
        Valid from:  2023-08-28 04:05:33  GMT
        Valid to:    2038-01-18 22:34:39  GMT
        Fingerprint: 81:88:A5:28:E6:D5:D0:B1:3D:9C:57:DF:79:A8:56:E6:E6:99:C6:AE:97:77:24:C7:1C:FD:C9:8B:CE:5F:4B:AB
        Serial Num:  02:4d:07:3e

FGT #

  2. On FortiGate AWS PAYG, the CN under Subject: may not display the proper FortiGate serial number.

To fix:

  1. Check the FortiGate serial number, or run the following CLI command:

FGT # get system status | grep Serial-Number
Serial-Number: FGTAWS1234567890

  2. Run the following CLI command:

FGT # execute vm-license <FortiGate Serial number>

For example:

FGT # execute vm-license FGTAWS1234567890
This operation will reboot the system !
Do you want to continue? (y/n)y

     FortiGate will reboot.

  3. After FortiGate reboots, check the 'Fortinet_Factory' certificate details again.

FGT # get vpn certificate local details | grep Fortinet_Factory -A6
== [ Fortinet_Factory ]
        Name:        Fortinet_Factory
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGTAWS1234567890, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = fortinet-subca2001, emailAddress = support@fortinet.com
        Valid from:  2023-08-28 04:05:33  GMT
        Valid to:    2056-05-26 20:48:33  GMT
        Fingerprint: 6D:A3:44:D1:93:49:09:5F:4E:3B:58:E8:01:7E:7C:6D:E1:66:22:F2:75:B5:6E:97:F5:72:3B:A7:AF:32:9A:18
        Serial Num:  02:4d:07:3c
== [ Fortinet_Factory_Backup ]
        Name:        Fortinet_Factory_Backup
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FGTAWS1234567890, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com
        Valid from:  2023-08-28 04:05:33  GMT
        Valid to:    2038-01-18 22:34:39  GMT
        Fingerprint: 81:88:A5:28:E6:D5:D0:B1:3D:9C:57:DF:79:A8:56:E6:E6:99:C6:AE:97:77:24:C7:1C:FD:C9:8B:CE:5F:4B:AB
        Serial Num:  02:4d:07:3e

FGT #

  4. The CN under Subject: now shows the proper FortiGate serial number.
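
The before/after comparison in this procedure can be run against saved CLI output, for instance when auditing several PAYG instances. The Python below is an added example, not part of the original article or any Fortinet tooling; the function names and the sample text are constructed, following the output format shown above.

```python
import re

# Constructed sample input in the format of the CLI output shown in this article.
SAMPLE_STATUS = "Serial-Number: FGTAWS1234567890\n"
SAMPLE_CERTS = """\
== [ Fortinet_Factory ]
        Name:        Fortinet_Factory
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FortiGate, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = fortinet-subca2001, emailAddress = support@fortinet.com
== [ Fortinet_Factory_Backup ]
        Name:        Fortinet_Factory_Backup
        Subject:     C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiGate, CN = FortiGate, emailAddress = support@fortinet.com
        Issuer:      C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com
"""

def parse_serial(status_text):
    """Return the value of the 'Serial-Number:' line from 'get system status'."""
    m = re.search(r"^\s*Serial-Number:\s*(\S+)", status_text, re.M)
    if not m:
        raise ValueError("no Serial-Number line found")
    return m.group(1)

def parse_subject_cns(cert_text):
    """Map each '== [ name ]' section to the CN of its Subject (never its Issuer)."""
    cns, current = {}, None
    for line in cert_text.splitlines():
        header = re.match(r"\s*==\s*\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            continue
        subject = re.match(r"\s*Subject:\s*(.*)", line)
        if subject and current:
            # The DN is printed as comma-separated 'KEY = value' pairs.
            pairs = (p.strip().split(" = ", 1)
                     for p in subject.group(1).split(",") if " = " in p)
            cns[current] = dict(pairs).get("CN")
    return cns

def mismatched_certs(cert_text, status_text):
    """Return {certificate name: CN} for certificates whose CN is not the serial."""
    serial = parse_serial(status_text)
    return {name: cn for name, cn in parse_subject_cns(cert_text).items()
            if cn != serial}

if __name__ == "__main__":
    for name, cn in mismatched_certs(SAMPLE_CERTS, SAMPLE_STATUS).items():
        print(f"{name}: Subject CN is '{cn}', expected the unit serial number")
```

An empty result means every listed certificate already carries the serial number as its CN, which is the state shown after the reboot.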