Hi CL1

You need to generate CSR under menu System > Certificate.

Once generated you download it and you sign it with your CA, then you push it again to FortiMail. Once done you should be able use it exclusively for your admin access from the same menu System > Certificate (sorry I don't have a FML lab to provide more details).

Yes, you can generate and create a certificate on FortiMail for internal use, such as for administrators accessing an internal domain (e.g., internal.example.net). Below is a step-by-step guide to achieving this:

Steps to Generate and Create a Certificate on FortiMail for Internal Use:

1. Generate a Certificate Signing Request (CSR)

1. Log in to the FortiMail Web UI as an administrator.
2. Go to System > Certificates.
3. Click on Generate to create a new certificate.
4. Fill in the required details:
   • Common Name (CN): internal.example.net
   • Organization (O): Your company name
   • Organizational Unit (OU): IT/Admin department
   • Country (C): Your country code (e.g., US)
   • State/Province (ST): Your state
   • City (L): Your city
5. Click OK to generate the CSR.

2. Self-Sign or Use an Internal CA

You have two options:

• Self-sign the certificate (for internal use only)
• Use an internal Certificate Authority (CA) to sign the CSR

A. Self-Signed Certificate

1. After generating the CSR, select it and click Self-Sign.
2. The system will generate a certificate that you can now use.

B. Sign with an Internal CA

1. Download the CSR file.
2. Sign it using your internal CA (e.g., Microsoft Active Directory Certificate Services).
3. Upload the signed certificate back to FortiMail.

3. Apply the Certificate

1. Navigate to System > Certificates.
2. Select the newly created certificate and assign it to the appropriate service (e.g., Web UI, SMTP over TLS).
3. Save and apply changes.