Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kylehouk
New Contributor

Created on ‎09-12-2023 08:26 AM

Creating SSL Certificate for local IP Camera

Background:

I have 5 IP cameras that various people need access to while at work. These cameras do not need to be accessed remotely, only internally while on the company network. They are on their own subnet with rules blocking access to the internet and other subnets.

 

These are older cameras that only work in Edge Internet Explorer compatibly mode. To protect user logins, I want to enable HTTPS for the cameras (which is supported by cameras). However, when I enable this and generate a cert from the camera itself, I still get the cert error which I would expect. The problem is that when I export the cert from the camera, I am unable to import that cert into Windows so that Windows sees that cert as valid. Windows gives an error when I try to import. Says it is the wrong format.

 

I have been looking into generating my own self-signed cert and uploading it to the camera but that has been unsuccessful.

 

Questions:

1. Is there anyway for the FortiGate to act as frontend for the camera handling the SSL cert? From the computer to the Fortigate? Like HAProxy on pfSense?

2. Can I use the FortiGate to generate a cert I could then upload to the camera? If so, how would I go about it?

Labels:
281
0 Kudos
4 REPLIES 4
ebilcari
Staff
Staff

Created on ‎09-12-2023 08:51 AM

Most probably the cameras are running older version of HTTP/S that are deprecated and not supported by the modern browsers (usually SSL instead of TLS). 

You can configure Virtual servers in FGT with Full SSL offloading and maybe point out to http port of the camera.

ssl offloading.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
273
0 Kudos
kylehouk
New Contributor
In response to ebilcari

Created on ‎09-12-2023 10:25 AM

Hello @ebilcari,

I do not see the Virtual Servers tab on my FortiGate. Do you know what feature visibility I need to enable to see that option?

251
0 Kudos
ebilcari
Staff
Staff
In response to kylehouk

Created on ‎09-13-2023 12:17 AM

The feature is under Load Balance

LB.PNG

This feature offers also LB capabilities for more than one server and I think here is easier to configure than on SSL/Inspection.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
225
0 Kudos
hbac
Staff
Staff

Created on ‎09-12-2023 09:10 AM

Hi @kylehouk,

 

Yes, you can generate a self signed certificate on the FortiGate. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-generate-a-self-signed-server-certi...

 

Regards, 

262
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.