Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ryan_www
New Contributor III

Created on ‎10-05-2022 07:14 AM

FG 7.2.x Change Certificate for SSO SP port 7831

How can you change the SSL certificate presented by the SSO SP on port 7831? 

Changing it under the following places does not seem to work.

 

-User & Auth > SSO

ryan_www_0-1664979001856.png

-User & Auth > Auth Settings > 

ryan_www_1-1664979121412.png

 

I'm using this though an explicit proxy and it just continues to present the factory SSL cert with the FG serial number.

 

Labels:
2182
0 Kudos
1 Solution
mahmad
Staff
Staff

Created on ‎03-09-2023 07:11 AM

The following settings will help you to assign the right certificate using FortiGate CLI.

By default, you would see:
FGT # show full web-proxy global
config web-proxy global
set ssl-cert "Fortinet_Factory"
set ssl-ca-cert "Fortinet_CA_SSL"

You should replace the imported SSL Certificate using FortiGate CLI.
config web-proxy global
set ssl-cert "new-ssl-example.com"

Reference:

Technical Tip: Fortiproxy and certificate used for... - Fortinet Community

View solution in original post

1802
6 REPLIES 6
Anthony_E
Community Manager
Community Manager

Created on ‎10-09-2022 07:19 AM

Hello Ryan,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
2145
Anthony_E
Community Manager
Community Manager

Created on ‎10-10-2022 09:48 PM

Hello Ryan,

 

I have found this document:

 

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/447498/saml-authentication-i...

 

Could you please tell me if it helps?

 

Regards,

Anthony-Fortinet Community Team.
2128
0 Kudos
ryan_www
New Contributor III
In response to Anthony_E

Created on ‎10-11-2022 11:44 AM

Hi Anthony,

 

Unfortunately, I just worked though that link and it does not help.  I've tried both self signed and publicly signed certificates and none of them will show on connections to port 7831.  They do work for the regular captive portal.  (not going though the explicit proxy) I even just tried the factory CA certificate as shown in that example, but it did not work either.

 

It is also interesting to note in the last screen shot of that link it looks like they are ignoring the certificate error too.  Notice the yellow warning triangle in the address bar.  Hopefully there is a way to change the SSL certificate presented on port 7831.

 

ryan_www_0-1665513838151.png

 

Thanks for your assistance!

Ryan

 

2117
Anthony_E
Community Manager
Community Manager

Created on ‎10-11-2022 09:57 PM

Hello Ryan,

 

Thanks a lot for your feedback!

 

I will continue to look for a solution.

 

Regards,

Anthony-Fortinet Community Team.
2111
0 Kudos
ryan_www
New Contributor III
In response to Anthony_E

Created on ‎10-12-2022 06:04 AM

You're welcome! 

 

Is there any way to make port 1003 reachable via the explicit proxy using a local in policy rule?  I think that could be a potential short term work around to the issue.

2098
0 Kudos
mahmad
Staff
Staff

Created on ‎03-09-2023 07:11 AM

The following settings will help you to assign the right certificate using FortiGate CLI.

By default, you would see:
FGT # show full web-proxy global
config web-proxy global
set ssl-cert "Fortinet_Factory"
set ssl-ca-cert "Fortinet_CA_SSL"

You should replace the imported SSL Certificate using FortiGate CLI.
config web-proxy global
set ssl-cert "new-ssl-example.com"

Reference:

Technical Tip: Fortiproxy and certificate used for... - Fortinet Community

1803
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.