This article explains how to replace the default certificate used by a FortiMail for secure connections.
All FortiMail units have a self-signed certificate installed on them by default. It is recommended to replace this certificate with valid digital certificate for the protected domains, to keep the contents of email secure.
1. Generating a certificate request
If a signed certificate is already available, proceed to step two.
On the FortiMail, go to System > Certificate > Local Certificate and select Generate. Set the information in the Generate Certificate Signing Request as required.
The request will appear in the certificate list, with its status shown as Pending. Select the request, then select Download.
Send the certificate request file (.csr) to a certificate authority (CA) for signing.
2. Importing the signed certificate
With the signed certificate, go to System > Certificate > Local Certificate and select Import. Set Type to Local Certificate and choose the certificate file (.cer).
In the certificate list, select the certificate, then select Set status to set the certificate as the default.
3. Check that the default certificate has been changed
Go to System > Certificate > Local Certificate. The imported certificate is shown as Default in the Status column.
The FortiMail will now automatically use this new default certificate for making secure connections.