Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
tnesh
Staff
Staff

Created on ‎10-20-2024 10:58 PM Edited on ‎10-21-2024 05:46 AM By Moderator

Article Id 350691

Troubleshooting Tip: How to re-generate default ADOM CA certificate after being deleted

Description

This article describes how to re-generate the default ADOM CA certificate using the CLI command. This will be useful when the default ADOM CA certificate is deleted and it is needed again for certificate generation.
Scope FortiManager v7.4.3 and above.
Solution

Note: If the old certificate is still in the newADOM, a new CA certificate cannot be created and replaced with the old one. As a first step, the old CA certificate needs to be deleted.

  1. Run the following CLI command to re-generate the default ADOM CA certificate:

 

diagnose cdb manual-fix adom <adom-name> generate-adom-ca

 

Sample CLI output:

 

FMG # diagnose cdb manual-fix adom newADOM generate-adom-ca

Changes will be made to the database, however it is recommended to perform a backup first.
Do you want to continue? (y/n)y

Upgrading: Re-generate ADOM CA

Database upgrade complete.

FMG # 

 

  1. Once completed, a new default ADOM CA certificate will be generated under FortiManager -> Policy & Objects -> Advanced -> CA Certificates.

 

default-adom-ca-cert.png
Labels:
404
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.