FortiManager
vkumar_FTNT
Staff
Article Id 194607

Description

This article describes how to import local certificates under FortiManager. Local certificates can be created and CA certificates can be imported, but there is no option to import local certificates under FortiManager. To create a local certificate, refer to this cookbook.


Scope

 


Solution

1. Import the local certificate onto the FortiGate directly: go to System > Certificates, click Import, select the certificate and click OK. This will cause the FortiGate and FortiManager to go out of synchronisation.
 
 
 
2. To get it back into sync, retrieve the running config of the FortiGate after the local certificate has been imported onto the FortiGate. To retrieve the config manually, go to System > click on the device > Dashboard > Configuration and Installation Status > Revision History (icon on the right of Total Revisions). Click on "Retrieve Config". This retrieves the running config from the FortiGate, after which the status should show as synchronised.


 
 
3. Create a dynamic object and mapping with a name under Policy & Objects > Object Configuration > Dynamic Objects > Local Certificates. When creating a Dynamic mapping it is important to select the correct device on which the certificate.
If the local certificate does not show up in the GUI, go to Tools > Display Options, check all and click OK.

 





4. Next, go to Object Configurations > Security profiles > SSL/SSH Inspection. Edit the SSL/SSH profile: under SSL inspection options > CA certificate, select the created certificate. Once added, click OK.
 
 
 

5. Once the above steps have been completed, use the same SSL/SSH inspection profile and push it to the FortiGates to see the local certificate imported.

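A check worth running on the certificate file before the import in step 1, as an added example that is not part of the original article or Fortinet tooling: it confirms that the private key belongs to the certificate, that the certificate is marked as a CA (step 4 selects it in the profile's CA certificate field), and that it is not close to expiry. It assumes PEM files and the `openssl` CLI; the function names, file names and the 30-day threshold are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-import check for a PEM certificate and private key.
# All file names and the 30-day threshold are assumptions, not Fortinet values.

# check_cert CERT KEY: prints "ok", or the first problem found (and returns 1).
check_cert() {
  cert=$1; key=$2
  # The key must belong to the certificate: compare the two public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "unreadable certificate"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "unreadable key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "key does not match certificate"; return 1; }
  # Step 4 selects the certificate as "CA certificate", so require CA:TRUE.
  openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
    { echo "not a CA certificate"; return 1; }
  # Reject certificates that expire within 30 days (assumed threshold).
  openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
    { echo "expires within 30 days"; return 1; }
  echo "ok"
}

# make_sample DIR NAME TRUE|FALSE: constructed self-signed test pair, with
# basicConstraints CA set to the third argument.
make_sample() {
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-$2
[ext]
basicConstraints = critical,CA:$3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: ./check.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then check_cert "$1" "$2"; fi
```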