nabilnowolf
New Contributor

FortiNAC Persistent Agent Certificate issue

Hi guys, please, I would like to know if we can work with a self-signed certificate for communication between the agent and the FortiNAC server?

 

We don't have an AD CA, and we cannot use a third-party certificate at the moment, so we want to have this SSL communication done but with just some local self-signed cert on the FortiNAC to be installed at the host, for example.

 

Can you please advise on that? Many thanks in advance.

Nowolf , Fortinet Guru -_-
Sx11
Staff

Hi Nowolf,

 

Self-Signed - FortiNAC issues its own certificate.

This type of certificate cannot be used for the Persistent Agent certificate target (for Persistent Agent communication) or the Portal target when using Dissolvable Agents.

 

You can check the docs below for more information on this and deployment scenarios:

 

https://docs.fortinet.com/document/fortinac/8.3.0/installing-ssl-certificates

https://docs.fortinet.com/document/fortinac/8.8.0/persistent-agent-deployment-and-configuration

 

Regards,

S

nabilnowolf

Hi,

First of all, thanks for replying.

So I used the CSR to generate a self-signed certificate from FortiNAC with the correct CN name put in the registry value of the persistent agent, and the SSL communication WORKS as expected with an approval from the agent side.

I put that answer so everyone can use this workaround.

Nowolf , Fortinet Guru -_-