FortiSIEM Discussions
slabrie
New Contributor

FortiSIEM with certificate from Microsoft AD CS

Hello,

Since I integrated an SSL certificate signed by a Microsoft ADCS certificate authority, I have SSL errors in the phoenix.log related to the phMonitorSupervisor. And in the Cloud Health section, the supervisor status is critical.

phMonitorSupervisor[1519691]: [PH_HTTP_CLIENT_CURL_ERROR]:[eventSeverity]=PHL_ERROR,[procName]=phMonitorSupervisor,[fileName]=phHttpClient.cpp,[lineNumber]=882,[infoURL]=h_t_tps://*.*.*.*:443/phoenix/rest/sync/task?custId=1&agentId=1&time=1677772602,[phLogDetail]=curl error (60) Peer certificate cannot be authenticated with given CA certificates for method: GET



On the other hand, I have a valid certificate when I connect in the WEBUI of FortiSIEM.

The FortiSIEM documentation describes the procedure to add a signed certificate. But I have the impression that it is only for CA authorities like Entrust, etc.

So, should we add the root CA of ADCS in the OS certificates (Rocky Linux)?

Thanks for your help

#fortisiem

FSM_FTNT
Staff

I think in this instance it may be best to raise a support case.

You should not need to install it into any Rocky cert stores. A few things to double check:

1 - certificate configuration

2 - dns name and any alt names provided

3 - verify certificate validity
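
The three checks listed in the reply above can be run directly against the certificate files with `openssl`. This is an added example, not part of the original thread and not FortiSIEM's own tooling; the function name and the PEM file arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). The function name and file arguments
# are hypothetical; nothing here is FortiSIEM-specific.
#
# check_server_cert <ca_bundle.pem> <server_cert.pem> <dns_name>
#   ca_bundle.pem: root CA plus any issuing/intermediate CA certificates (PEM)
# Returns 0 only if all three checks pass.
check_server_cert() {
    local ca_bundle=$1 cert=$2 name=$3 out rc=0

    # 1 - chain: the certificate must build to a CA in the given bundle only
    #     (-no-CApath keeps the system store out of it). This is the
    #     verification that curl error 60 reports as failed.
    if out=$(openssl verify -no-CApath -CAfile "$ca_bundle" "$cert" 2>&1); then
        echo "chain:    OK"
    else
        echo "chain:    FAIL"; echo "$out" | sed 's/^/          /'; rc=1
    fi

    # 2 - names: the name clients connect to must be in the SAN list
    #     (openssl falls back to the subject CN only when no DNS SAN exists).
    if openssl x509 -in "$cert" -noout -checkhost "$name" 2>&1 | grep -q "does match"; then
        echo "name:     OK ($name)"
    else
        echo "name:     FAIL ($name not covered)"
        openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null || true
        rc=1
    fi

    # 3 - validity: fail if the certificate has already expired.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "validity: OK ($(openssl x509 -in "$cert" -noout -enddate))"
    else
        echo "validity: FAIL (expired)"; rc=1
    fi
    return $rc
}
```

Pass the name or address that appears in the failing URL from the log as `<dns_name>`, since that is what the client compares against the certificate.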

 

slabrie

Thanks for the reply

I will check with support. But I confirm that my certificate is valid, as is the DNS, and I have followed the configuration guide.

martinschmitt1

Hi Slabrie,

Any outcome or news regarding using MS AD Certs? I also opened a case with support and I will configure it next week.

martinschmitt1
New Contributor

Hello Slabrie,

I also want to implement an MSAD signed Cert, but I did not try it because I read that it seems not to be supported. I think the reason is that there is only one Cert implemented for SSL and this is used in many places, like connecting to the other FortiSIEM Appliances like Connectors and to external log sources like Azure and so on. Are you using this and is it still working in your case? Please let me know any news about the outcome of your "experience".

Good luck!

Martin