FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Article Id 194607


This articles describes how to import local certificates under FortiManagerLocal certificates can be created and CA certificates can be imported but there is no option to import local certificates under FortiManager. To create a local certificate please refer to the this cookbook.




1. Import the local certificate onto the FortiGate directly then go to System>Certificates. Click on Import and select the certificate & click on OK. This will cause the FortiGate & FortiManager to go out of synchronisation.
2. In order to get it back into sync retrieve the running config of the FortiGate after having the local certificate imported onto the FortiGate. Now manually retrieve the config, go to System > click on the device > Dashboard > 

Configuration and Installation Status >  Revision History (icon on the right of Total Revisions). Click on “Retrieve Config”. This would retrieve the running config on the FortiGate after which the status should show as synchronised. 

3. Create a Dynamic object & mapping, under with a name under Policy & Objects > Object Configuration > Dynamic Objects > Local Certificates. When creating a Dynamic mapping it is important to select the correct device on which the certificate. 
If the  local certificate does not show up on the GUI, go to Tools> Display Options > Check all and click OK. 



4. Next under
Object Configurations > Security profiles > SSL/SSH Inspection.  Edit SSL/SSH profile under SSL inspection options > CA certificate > select the created certificate. Once added click ok

5. Once the above steps have been completed, use the same SSL/SSH inspection profile and push it to the FortiGates to see the Local certificate imported.

certi_fg_inspection profile.png