Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kylehouk
New Contributor II

Creating SSL Certificate for local IP Camera

Background:

I have 5 IP cameras that various people need access to while at work. These cameras do not need to be accessed remotely, only internally while on the company network. They are on their own subnet with rules blocking access to the internet and other subnets.

 

These are older cameras that only work in Edge Internet Explorer compatibly mode. To protect user logins, I want to enable HTTPS for the cameras (which is supported by cameras). However, when I enable this and generate a cert from the camera itself, I still get the cert error which I would expect. The problem is that when I export the cert from the camera, I am unable to import that cert into Windows so that Windows sees that cert as valid. Windows gives an error when I try to import. Says it is the wrong format.

 

I have been looking into generating my own self-signed cert and uploading it to the camera but that has been unsuccessful.

 

Questions:

1. Is there anyway for the FortiGate to act as frontend for the camera handling the SSL cert? From the computer to the Fortigate? Like HAProxy on pfSense?

2. Can I use the FortiGate to generate a cert I could then upload to the camera? If so, how would I go about it?

4 REPLIES 4
ebilcari
Staff
Staff

Most probably the cameras are running older version of HTTP/S that are deprecated and not supported by the modern browsers (usually SSL instead of TLS). 

You can configure Virtual servers in FGT with Full SSL offloading and maybe point out to http port of the camera.

ssl offloading.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
kylehouk
New Contributor II

Hello @ebilcari,

I do not see the Virtual Servers tab on my FortiGate. Do you know what feature visibility I need to enable to see that option?

ebilcari

The feature is under Load Balance

LB.PNG

This feature offers also LB capabilities for more than one server and I think here is easier to configure than on SSL/Inspection.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
hbac
Staff
Staff

Hi @kylehouk,

 

Yes, you can generate a self signed certificate on the FortiGate. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-generate-a-self-signed-server-certi...

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors