Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vishal
New Contributor

Wild card certificate for admin login gui

Hi all,

 

Will wild card certificate works for admin login GUI ?. Please note here im not generating any CSR and will import a wildcard cert provided by customer into fortigate local certificate and then in Settings>> Administrator settings. PFA imagefortigate admin certificate.jpg

 

Pls advise

1 Solution
kvimaladevi

Hi Vishal,

 

It is not mandatory for the CSR to be generated from Fortigate only. You can generate it from any 3rd party as well to get the certificate. As you already have the certificate, you can upload, it will work.

View solution in original post

10 REPLIES 10
kvimaladevi
Staff
Staff

Hi Vishal,

 

Yes you can install a wildcard certificate for the Fortigate Web UI. You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate.

Once you have that, you can upload it to the Fortigate following the below link:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/825073/purchase-and-import-a-signed-ssl-...

Instead of choosing CA certificate while uploading, you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the  HTTPS server certificate.

vishal

hi @kvimaladevi 

 

Thank for your reply. As per your statement "you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the  HTTPS server certificate.Would i need to upload certificate in local certificate section  ?.

 

Also regarding statement "You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate." What will be certificate extension which i have to upload it ?

 

Pls response it would be a great help to me.

kvimaladevi

Hi Vishal,

Yes, you can upload it in the local section. You will get an option to upload the certificate and the private key separately. You can have the private key alone in a separate file and upload it in the key file section, the other 3 in a different file(server, intermediate and root) and upload it as certificate. 

You can use .pem format. 

vishal

Hi @kvimaladevi 

 

Sorry to say but it seems a little bit confusing to me.. Please share if do you have any video or my specific requirement article

kvimaladevi
Staff
Staff

Hi Vishal,

Let me explain it clearly. You will have the certificate bundle from your client. It will have server, intermediate, root and private key. Copy the server, intermediate and root certificates and paste it in a notepad and save it in .pem format. Similarly, copy the private key alone in a separate notepad and save it.

Please refer to the below picture:

certificate pic.PNG

In the certificate file option, upload the certificate, in the key file option, upload the key file. If your client has mentioned any password while generating the CSR, please mention that password in the password field. If there is no password, you can leave that blank and click OK.

Once this certificate is uploaded, you can map it to the administrator GUI access in the GUI by changing the HTTPS certificate to the upload certificate.

vishal

@kvimaladevi 

 

Thank you for your explanation it really seems helpful. One last question.. as you mentioned "If your client has mentioned any password while generating the CSR" But i have not generated any CSR from fortigate and will directly upload wildcard cert into Fortigate. Hope it will work.

kvimaladevi

Hi Vishal,

 

Initially while creating the certificate you would have generated a CSR and then would have given it to the CA. While generating if you have given any password, you can mention the same while uploading that certificate. If you have not given any password, you can ignore that field. 

vishal

HI @kvimaladevi 

 

But CSR was not generated from Fortigate device. Will it still work if i upload it ?

kvimaladevi

Hi Vishal,

 

It is not mandatory for the CSR to be generated from Fortigate only. You can generate it from any 3rd party as well to get the certificate. As you already have the certificate, you can upload, it will work.

Labels
Top Kudoed Authors