FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
RuiChang
Staff
Article Id 378667
Description

This article describes how to resolve expired FortiSOAR Postgres and Nginx certificates.

 

Scope

FortiSOAR.

 

Solution

FortiSOAR uses self-signed certificates for internal communication with Postgres and Nginx, and these certificates eventually expire. If the default configuration is in use, they can be renewed as described in this KB article: Technical Tip: Unable to log onto FortiSOAR instances due to the expiration of the self-signed certi...

However, if custom certificates are configured for SSL in /etc/nginx/conf.d/nginx.conf and the error below still appears:

----
Node name: XXX

Postgres Certificate Expiring On XX Mar, 20XX
Nginx Certificate Expiring On XX Mar, 20XX

Identify the components reporting a failure and refer to the documentation Help > Administration Guide > Monitoring FortiSOAR section for more help on troubleshooting.
----

Run the command below:

# csadm certs --generate <your FSR hostname>

This command will renew the self-signed certificate in /etc/nginx/ssl:

-rw-r--r--. 1 root root 1533 Mar XX 20XX server.leaf.crt
-rw-r--r--. 1 root root 1184 Mar XX 20XX server.leaf.csr
-rw-r--r--. 1 root root 1704 Mar XX 20XX server.leaf.key
-rw-r--r--. 1 root root 3237 Mar XX 20XX server.leaf.pem

The custom certificate referenced in /etc/nginx/conf.d/nginx.conf is therefore left in place, and the user renews it when that custom certificate expires.

Note:

Take a snapshot before proceeding to avoid unnecessary risk.
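
To see which certificate is actually near expiry before and after running csadm, the following added example (not part of the original article and not Fortinet tooling) checks the self-signed leaf in /etc/nginx/ssl and every certificate that nginx.conf points to. It assumes the config uses the standard nginx ssl_certificate directive; the 30-day warning window and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet tooling. Paths are the ones named in the article;
# the 30-day warning window is an assumption.
WARN_DAYS=30
LEAF=/etc/nginx/ssl/server.leaf.crt

# Print the certificate paths from ssl_certificate directives in an nginx
# config. Commented-out lines and ssl_certificate_key are skipped.
nginx_cert_paths() {
    awk '$1 == "ssl_certificate" { sub(/;.*$/, "", $2); print $2 }' "$1"
}

# Print OK, EXPIRING (within $2 days), EXPIRED or UNREADABLE for the PEM in $1.
cert_status() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE            # missing file, bad PEM, or no openssl
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Report on every certificate nginx is configured to serve plus any extra
# paths given (here: the self-signed leaf that csadm regenerates).
report() {
    conf=$1; shift
    { nginx_cert_paths "$conf"; printf '%s\n' "$@"; } | sort -u |
    while read -r crt; do
        printf '%-10s %s  (notAfter: %s)\n' "$(cert_status "$crt" "$WARN_DAYS")" "$crt" \
            "$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)"
    done
}

# Runs only where the nginx config exists, i.e. on the FortiSOAR node itself.
CONF=${1:-/etc/nginx/conf.d/nginx.conf}
if [ -r "$CONF" ]; then report "$CONF" "$LEAF"; fi
```

An EXPIRED or EXPIRING line for server.leaf.crt is what csadm certs --generate fixes; the same status on a path taken from nginx.conf means the custom certificate itself needs renewing.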

Related document:

Additional configuration settings for FortiSOAR
