How can you change the SSL certificate presented by the SSO SP on port 7831?
Changing it under the following places does not seem to work.
-User & Auth > SSO
-User & Auth > Auth Settings >
I'm using this though an explicit proxy and it just continues to present the factory SSL cert with the FG serial number.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The following settings will help you to assign the right certificate using FortiGate CLI.
By default, you would see:
FGT # show full web-proxy global
config web-proxy global
set ssl-cert "Fortinet_Factory"
set ssl-ca-cert "Fortinet_CA_SSL"
You should replace the imported SSL Certificate using FortiGate CLI.
config web-proxy global
set ssl-cert "new-ssl-example.com"
Reference:
Technical Tip: Fortiproxy and certificate used for... - Fortinet Community
Hello Ryan,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Ryan,
I have found this document:
Could you please tell me if it helps?
Regards,
Hi Anthony,
Unfortunately, I just worked though that link and it does not help. I've tried both self signed and publicly signed certificates and none of them will show on connections to port 7831. They do work for the regular captive portal. (not going though the explicit proxy) I even just tried the factory CA certificate as shown in that example, but it did not work either.
It is also interesting to note in the last screen shot of that link it looks like they are ignoring the certificate error too. Notice the yellow warning triangle in the address bar. Hopefully there is a way to change the SSL certificate presented on port 7831.
Thanks for your assistance!
Ryan
Hello Ryan,
Thanks a lot for your feedback!
I will continue to look for a solution.
Regards,
You're welcome!
Is there any way to make port 1003 reachable via the explicit proxy using a local in policy rule? I think that could be a potential short term work around to the issue.
The following settings will help you to assign the right certificate using FortiGate CLI.
By default, you would see:
FGT # show full web-proxy global
config web-proxy global
set ssl-cert "Fortinet_Factory"
set ssl-ca-cert "Fortinet_CA_SSL"
You should replace the imported SSL Certificate using FortiGate CLI.
config web-proxy global
set ssl-cert "new-ssl-example.com"
Reference:
Technical Tip: Fortiproxy and certificate used for... - Fortinet Community
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.