FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 189946


This article describes how to generate and apply a self-signed certificate to FortiSIEM, as well as how to apply a certificate from a certificate authority (CA).

Here is a step by step guide:

1) Log in to your Supervisor as root.

2) Generate the Private Key and Certificate Signing Request (CSR).
    This step and the next applies to both self-signed and CA certificates.

openssl genrsa 2048 > fsiem.key

3) Create the Certificate Signing Request (CSR).

openssl req -new -key fsiem.key -out fsiem.csr

4) Create the self-signed certificate
    If you want to use a certificate issued by a certificate authority, skip this step and send the CSR from Step 3 to the certificate authority. When you receive your certificate, proceed from Step 6 of these instructions.

openssl x509 -req -days 1461 -in fsiem.csr -signkey fsiem.key -out fsiem.crt

5) Verify the Self-Signed Certificate.
    PUBLIC KEY must be matched

openssl rsa -in fsiem.key -pubout
openssl x509 -in fsiem.crt -pubkey

6) Apply the certificate by moving FortiSiem.crt and fsiem.key to /etc/httpd/conf.d.
7) Edit /etc/httpd/conf.d/ssl.conf file and make sure these parameters are configured with your certificate and private key filename.
  -  SSLCertificateFile /etc/httpd/conf.d/fsiem.crt
  -  SSLCertificateKeyFile /etc/httpd/conf.d/fsiem.key
8. Restart Apache.

service httpd restart

Related Articles

Technical Note: [Accelops KB] How to set up a proper CA-signed certificate

Technical Note: [Accelops KB] How to check communication between collector and super from collector ...