Hi All,
FortiAuthenticator on 5.3.1. Trying to create (not sign) certificates in End Entities > Local Services that need Subject Alternative Name set to an IP. However, the GUI only gives me options to create SAN entries for Email, User Principal Name (UPN), URI, or DNS.
Anybody know of a way to create a cert on the FAC with an IP SAN entry?
Thanks.
No way to create, AFAIK.
If the cert is for a device with an IP, like a FortiGate, then what about CN=IP?
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
I've specified CN=IP when creating the cert, but that isn't sufficient for browsers.
Chrome will still show it as invalid unless you have SAN=IP:1.2.3.4.
I guess I can create it in OpenSSL and import it, but it seems like the FAC should just let you enter the SAN values raw. Maybe time for a feature request.
You know, since the FortiGate allows you to create a CSR with raw SAN text, the FortiAuthenticator, as a CA, should really be able to match it.
Use openssl to request a CSR and submit it for signing. Just import the pfx into the fgt and be done. And no, you can't use a CN=<ip address>; this is what and why the SAN altName field exists.
http://socpuppet.blogspot.com/2017/11/cn-and-subject-alternative-names-in.html
And here's a sample of URI, DNS and email altnames:
http://socpuppet.blogspot.com/2018/06/strongswan-dynamic-vpnclient-fortios.html
Bottom line: for web browsers, CNs are not used when an AltName is present. An AltName can be a name, ipaddr, email, URI, etc., or a combination of all ;)
PCNSE
NSE
StrongSwan
Yes, I can create it in OpenSSL and sign and import it (into the FAC, actually, for this).
This just seemed like something the FAC should be able to do on its own.
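The OpenSSL route discussed in the replies above, as an added example that is not part of the original thread: it builds a CSR whose SAN is an IP entry, signs it, and reads the SAN back from both files. The IP address, file names and the throwaway CA standing in for the real signing CA are constructed for illustration.

```shell
# Added example. IP, file names and the throwaway CA are constructed.
# Usage: make_ip_san_cert <ip> <workdir>
make_ip_san_cert() (
    ip="$1"; dir="$2"
    umask 077                       # private keys readable by owner only
    cd "$dir" || exit 1

    # Request config: the address goes into subjectAltName as an IP entry,
    # not only into the CN.
    cat > san.cnf <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $ip
[ v3_req ]
subjectAltName = IP:$ip
EOF

    # Device key and CSR carrying the IP SAN.
    openssl req -new -newkey rsa:2048 -nodes -config san.cnf \
        -keyout device.key -out device.csr 2>/dev/null || exit 1

    # Throwaway CA (constructed) standing in for the real signing CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config san.cnf \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # "openssl x509 -req" does not copy CSR extensions by default, so the
    # SAN section is passed again at signing time with -extfile.
    openssl x509 -req -in device.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -sha256 -extfile san.cnf -extensions v3_req \
        -out device.crt 2>/dev/null
)

# Print the SAN value of a CSR (kind "req") or a certificate (kind "x509").
san_of() {
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

Running `san_of x509 device.crt` on the signed certificate is the check that matters: if the signing step drops the extension, the CSR still shows the IP SAN but the issued certificate does not.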