Help
FortiSIEM Discussions
networkm
New Contributor

Created on ‎01-12-2026 01:57 PM Edited on ‎01-12-2026 02:04 PM

FortiSiem Web access change self-signed certificate

Hello,

 

I have production enviroment with supervisor,collector and windows agents.I am using self-signed certificate for web acccess to supervisor. I need to use certificate digitaly signed with my own private CA so when i access fortisiem to not getting warning.

 

Does anyone have solution how to generate csr,sign it, and import certiciate in suppervisor to be used for web (because there is no option in GUI like for example in fortigate).

Also if i do that will it have impact for communication collector to supervisor, or agent to collector ?

 

Thanks everyone 

41
0 Kudos
4 REPLIES 4
Gabe_FTNT
Staff
Staff

Created on ‎01-12-2026 02:08 PM

@networkm
This FortiSIEM technical tip should help you: How to apply a self-signed or certificate authority 

--
Gabriel Kaelin, Sr. Enterprise Systems Engineer, Fortinet
34
networkm
New Contributor
In response to Gabe_FTNT

Created on ‎01-12-2026 02:14 PM

@Gabe_FTNT 

Thank you. If i follow this steps and replace self-signed with new digitaly signed certificate by my CA, will that create some impact on existing communication between collector--supervisor, and between agents--collector.

Note: everything is discovered and login in collector and agents is also connected to collector.

31
0 Kudos
Gabe_FTNT
Staff
Staff
In response to networkm

Created on ‎01-12-2026 02:26 PM

I'm not sure, as I haven't worked with it for a few years. I just had that link readily available when I saw your post. :smiling_face_with_smiling_eyes:
Please study the technical tip: How to check communication between collector and super from collector side that's linked in the previously shared link, as well as the documentation for the FortiSIEM version you're using, e.g. for 7.5.0: Configuring SSL Socket Certificates

--
Gabriel Kaelin, Sr. Enterprise Systems Engineer, Fortinet
27
0 Kudos
Secusaurus
Contributor III
In response to networkm

Created on ‎01-12-2026 11:29 PM

Hi @networkm,

Unless you haven't configured otherwise, the Collectors and Workers will accept any kind of certificate (they accept the self-signed in the first place, so there is no need apply the CA to them here). You can enforce the certificate check, but this is not the default situation.

 

In our usual setups, we have a slightly different situation (we sign with public CAs and we do certificate stuff before growing the cluster), so I'd recommend you to schedule a maintenance window to be able to roll back and check.

Also, note, that some applications only do a certificate check from time to time, so it might take a day (or a reboot of all nodes) to ensure that everything works with the new certificates.

 

Best,

Christian

FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
0
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.