Description
This article describes how to upload and set local certificate to be used in FortiManager/FortiAnalyzer using WebUI and CLI.
Scope
FortiManager and FortiAnalyzer.
Solution
- The user can upload a local certificate into FortiManager/Fortianalyzer by navigating as below: System Settings -> Certificates -> Local Certificates -> Import.
Use the option 'Certificate'.
Requirements:
- Certificate (.crt).
- Key File (.key).
- Certificate Password.
Configuration:
- Certificate File : test.crt.
- Key File: test.key.
- Password: Certificate Password.
The new 'Local Certificate' will be displayed in System Settings -> Certificates -> Local Certificates.
Below is another example of creating a new Local Certificate through CLI:
config system certificate local
edit "whatever"
set password ENC OTYwOTM2MDE2MzMzMDQxObncgXrfaJGPDHYY9I09cMQokPUzS+GNiIP6WD8uwAXAWzLsi4NIt1uYXYt5k17NbGbRqd9ukwPC8WUYBuBX8ilVmCDwnmfJyWa82eP6TCBd0SS2UbJXNGX5SFLPw6o9gfMv1t/AQV7w78MLqcHgp2jCYGY751NNIB452h1y53Qy
set comment "whatever"
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI9hoxbo7L+UcCAggA
<---snip-->
tBGA5uCegCmC4TWjqvyMh+5bqABe4TeX
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIHXzCCBcegAwIBAgIRAPMmRMkH/yY9sLYSRB6mbeUwDQYJKoZIhvcNAQEMBQAw
<---snip-->
D/O15yhTj+sN4kXtFN7pVQKY0w==
-----END CERTIFICATE-----"
next
end
Run the following commands via CLI to find the imported certificate:
get vpn certificate ca
get vpn certificate local
- Once the local certificate has been uploaded successfully, the user will be able to set the FortiManager/FortiAnalyzer to use the newly uploaded local certificate by navigating as below. Under System Settings -> Admin -> Admin Settings -> HTTPS & Web Service Certificate, select the cert -> Apply.
Related documents:
Technical Tip: Different application of local certificate for FortiManager/FortiAnalyzer
Technical Tip: How to configure FortiManager to use custom certificate for HA communication
