Fortinet Forum
catalin_alexandru
New Contributor

Certificate for SSL VPN webpage

We have set up an SSL VPN on a Forti60E to allow clients to access a web application. Everything works fine.

I have a problem with the SSL certificates used by the FortiGate web page by default. Being self-signed, browsers treat them as insecure. Questions:

1. What type of certificate is required?

2. Is it possible to generate such a certificate, for example with a free certificate generator like Let's Encrypt?

3. How can I redirect a subdomain from the DNS to the server IP xx.xx.xx.xx:10443? There are several ports and applications already open on the respective IP.

 

Best regards,

1 REPLY
TecnetRuss
Contributor

1. Any inexpensive single-domain SSL certificate will do.

2. Yes, but without a built-in ACME plug-in for FortiOS it can become a pain to replace the certificate every 60-90 days. If you're up to it, other contributors to the forums have posted scripts to help with this. I've used LetsEncrypt certs in the past but I switched to a cheap 2-year SSL certificate because it was easier and cheaper in the long run.

3. DNS host (A) records only point a name to an IP address - they have nothing to do with ports. If you want to redirect SSL Web Portal visitors from https://vpn1.somedomain.com to https://vpn2.somedomain.com:10443 you'd have to set up a 302 redirect on the vpn1.somedomain.com website. I don't believe this will help FortiClient users - they'd have to be configured to go directly to vpn2.somedomain.com:10443.

    Russ

    NSE7
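
Point 3 of the reply above as an added example (not code from the post or from Fortinet): a minimal Python WSGI redirector that the vpn1.somedomain.com web site could run to send browsers to the :10443 portal. The host map, the function names and the local test port 8080 are assumptions; the browser completes TLS with vpn1 before it ever sees the 302, so that site needs its own valid certificate as well.

```python
"""Added example: fixed-target 302 redirector for the vpn1 web site."""
from urllib.parse import quote
from wsgiref.simple_server import make_server

# Host names are the placeholders used in the reply; the map itself is an assumption.
REDIRECTS = {"vpn1.somedomain.com": "https://vpn2.somedomain.com:10443"}


def location_for(host_header, path, query=""):
    """Return the Location value for a request, or None if the host is unknown.

    The target comes only from REDIRECTS, never from the request, so a forged
    Host header cannot turn this into an open redirect.
    """
    host = (host_header or "").split(":", 1)[0].strip().lower().rstrip(".")
    base = REDIRECTS.get(host)
    if base is None:
        return None
    # Percent-encode the path so CR/LF or spaces cannot reach the header, and
    # drop leading slashes so the result always stays under the fixed base.
    safe_path = "/" + quote(path.lstrip("/"), safe="/%")
    safe_query = quote(query, safe="=&%+")
    return base + safe_path + ("?" + safe_query if safe_query else "")


def app(environ, start_response):
    """WSGI app: 302 for known hosts, 404 for everything else."""
    target = location_for(environ.get("HTTP_HOST"),
                          environ.get("PATH_INFO", "/"),
                          environ.get("QUERY_STRING", ""))
    if target is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"unknown host\n"]
    start_response("302 Found", [("Location", target), ("Content-Length", "0")])
    return [b""]


if __name__ == "__main__":
    # Plain HTTP on localhost for a quick check; in production the site's own
    # web server terminates TLS on 443 with a certificate valid for vpn1.
    make_server("127.0.0.1", 8080, app).serve_forever()
```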