Description |
This article shows how to add a custom certificate to the FortiManager management interface and validate the certificate locally. |
Scope | FortiManager |
Solution |
In certain scenarios, due to compliance requirements or specific organizational policies, uploading a custom certificate to the FortiManager administrative interface may be required. This involves replacing the default 'server.crt' certificate.
To perform this action, navigate to System Settings -> Settings -> HTTPS & Web Service Certificate.
In this example, a custom certificate is loaded by navigating to System Settings -> Certificates -> Create New/Import -> Certificate.
Select the 'Certificate' option and upload the required files: the custom certificate in '.crt' format and the corresponding key file in '.key' format. Assign a name to the certificate for identification purposes.
After the certificate is added, its successful addition can be verified in the certificate list.
Return to System Settings -> Settings -> HTTPS & Web Service Certificate, select the newly added certificate, and select Apply to complete the configuration.
Note: Upon selecting Apply, an 'unknown error' message may appear in FortiManager, and an automatic reconnection attempt may occur. This is expected behavior resulting from the certificate change. The new certificate must be accepted in the browser to proceed.
When the web interface is reloaded, a certificate warning may be displayed. To proceed, select Advanced -> Accept the Risk and Continue.
After logging back into FortiManager, the new certificate will be in use. However, the browser may still indicate that the connection is not secure. This typically occurs because access is performed using the IP address instead of the fully qualified domain name (FQDN) specified in the certificate.
To perform a local test, a record must be added to the local hosts file. Open a Command Prompt with administrator privileges and navigate to the following path: C:\Windows\System32\drivers\etc
To edit the file, use a text editor such as Notepad with administrative privileges.
Add a line to the file containing the FortiManager administration IP address, followed by the hostname and domain, as shown in the example image.
Save the file after editing.
To verify that the changes were applied, run a ping command to the chosen hostname. The hostname should resolve to the FortiManager IP address.
The final step is to validate the configuration in a web browser by accessing the FortiManager interface using the hostname and domain via HTTPS. If configured correctly, the browser will indicate that the connection is secure, as shown in the example image.
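The local test above (hosts record, name resolution, HTTPS validation) can also be scripted from an elevated PowerShell session. This is an added example, not part of the original article; the IP address, hostname and port 443 are placeholder assumptions to replace with your own values.

```powershell
# Constructed placeholder values, not taken from the article.
$FmgIp   = '192.0.2.10'             # FortiManager administration IP
$FmgFqdn = 'fmg.example.internal'   # FQDN specified in the custom certificate
$Port    = 443                      # assumed HTTPS administration port
$Hosts   = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Add the hosts record only if it is not already present (requires elevation).
$pattern = '^\s*' + [regex]::Escape($FmgIp) + '\s+' + [regex]::Escape($FmgFqdn) + '(\s|$)'
if (-not (Select-String -Path $Hosts -Pattern $pattern -Quiet)) {
    # Leading newline guards against a hosts file that lacks a trailing line break.
    Add-Content -Path $Hosts -Value "`r`n$FmgIp`t$FmgFqdn"
}

# 2. Confirm the hostname now resolves to the FortiManager address.
$resolved = [System.Net.Dns]::GetHostAddresses($FmgFqdn) | ForEach-Object IPAddressToString
if ($resolved -notcontains $FmgIp) {
    throw "$FmgFqdn resolves to '$resolved', expected $FmgIp"
}

# 3. Run a TLS handshake with the default Windows validation (trust chain and
#    name match) against the name a browser would use in the address bar.
function Test-FmgCertificate([string]$Name) {
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($FmgIp, $Port)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Name)   # throws when validation fails
            $result  = 'accepted'
            $subject = $ssl.RemoteCertificate.Subject
        } catch {
            $result  = 'rejected: ' + $_.Exception.GetBaseException().Message
            $subject = $null
        } finally {
            $ssl.Dispose()
        }
        [pscustomobject]@{ AccessedAs = $Name; Result = $result; Subject = $subject }
    } finally {
        $tcp.Dispose()
    }
}

# Compare access by IP address with access by the FQDN in the certificate.
Test-FmgCertificate $FmgIp
Test-FmgCertificate $FmgFqdn
```

The handshake also checks the trust chain, so the CA that issued the custom certificate must be trusted by the workstation for the FQDN test to be accepted.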