Fortinet Community

catalin_alexandru · ‎04-07-2020

We have set up an SSL VPN on a Forti60E to allow clients to access a web application. Everything works fine.

I have a problem with SLL certificates used by Fortigate web page default. Being self signed browsers treat it as unsecure. Question:

1. What type of certificate is required?

2. Is it possible to generate such a certificate for example with a free certificate generator like Let's Encrypt ?

3. How can I redirect a subdomain from the DNS to the server IP xx.xx.xx.xx: 10443? There are several ports and applications already openen on the respective IP

Best regards,

TecnetRuss · ‎04-07-2020

[ol]

Any inexpensive single-domain SSL certificate will do.

Yes, but without a built-in ACME plug-in for FortiOS it can become a pain to replace the certificate every 60-90 days. If you're up to it, other contributors to the forums have posted scripts to help with this. I've used LetsEncrypt certs in the past but I switched to a cheap 2 year SSL certificate because its was easier and cheaper in the long run.

DNS host (A) records only point a name to an IP address - they have nothing to do with ports. If you want to redirect SSL Web Portal visitors from https://vpn1.somedomain.com to https://vpn2.somedomain.com:10443 you'd have to set up a 302 redirect on the vpn1.somedomain.com website. I don't believe this will help FortiClient users - they'd have to be configured to go directly to vpn2.somedomain.com:10443.[/ol]

Russ

NSE7

Fortinet Community

Certificate for SSL VPN webpage