We have our own internal Microsoft Enterprise Certificate Authority.
I see the Fortigate can generate CSRs using the IP address of the internal admin gui interface.
My question is can I use the ip address and if so what certifcate template do I use?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
for Webinterface you need a simple SSL Certificate. Afair in windows ca there is a template named "Webserver certificate" or similar. We use this here too.
for SSL Inspection you need a subordinate ca certificate there is also a template for that (I'd have to look that up in our ca if needed).
And yes you can use the ip address. You have to set that as subject alternate name (san).
I do that on the windows by applying the parameter
san:ipaddress=<ipaddress>&dns=<ipadress>&dns=<hoatname>
Then the certifcate has both in it as san.
I paste the csr into the windows ca that was generated on the FGT to sign it and then import the certificate.
Works fine here.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.