Hi all,
May I know how to set up a custom certificate for communication between FGT and FMG instead of using the built-in cert? My scenario is a private CA, so currently I have tried to use FAC to sign the FGT and FMG CSRs.
I found a link https://community.fortinet.com/t5/FortiManager/Technical-Tip-Setup-custom-certificate-for-FGFM-proto...
However, I do not really understand the steps. Could anyone elaborate on them below? Thanks
Example:
FortiManager side:
# config system global
set fgfm-ca-cert "RootCA" <----- May I know whether this is the Root CA exported from FAC?
set fgfm-local-cert "cert_fmg" <--- May I know whether this local cert is the CSR signed by FAC?
end
FortiGate side:
# config system central-management
set local-cert "cert_fgt" <--- May I know whether this local cert is the CSR signed by FAC?
set ca-cert "RootCA" <---- May I know whether this is the Root CA exported from FAC?
end
Hello ck8882,
Please review the link below; the scenario should be the same:
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-replace-default-SSLVPN-cer...
In this case the FGT is the web server and the FMG is the client.
On the web server you have to generate a CSR signed by the Root CA, in this case FAC, and then you need to install the cert signed by the FAC into the FGT.
On the other hand, the client FMG should have the Root CA installed in order to validate the FGT server certificate.
BR
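
The CSR-then-sign flow described in the reply above, as an added example that is not part of the original thread or of Fortinet's documentation. A throwaway OpenSSL CA stands in for FAC, and the file names and hostnames are constructed; the functions check that each signed certificate chains to the root and matches the private key that stayed on the device.

```shell
# Added example. A throwaway CA stands in for FortiAuthenticator (FAC); every
# key and certificate is generated locally as constructed test material.
# The file names RootCA, cert_fmg and cert_fgt mirror the labels in the thread.

new_ca() {                 # $1 = work dir; writes RootCA.key and RootCA.crt
  cat > "$1/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = RootCA-constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/RootCA.key" -out "$1/RootCA.crt" 2>/dev/null
}

issue_cert() {             # $1 = work dir, $2 = cert name, $3 = subject CN
  # The device generates its own key and CSR; only the CSR goes to the CA.
  cat > "$1/$2.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $3
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  # The CA signs the CSR; the signed certificate is what the device imports.
  openssl x509 -req -in "$1/$2.csr" -CA "$1/RootCA.crt" -CAkey "$1/RootCA.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

chains_to() {              # $1 = CA cert, $2 = leaf cert; exit 0 if leaf validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {       # $1 = private key, $2 = cert; exit 0 if same key pair
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}
```

Run `new_ca` once, `issue_cert` once per device, then `chains_to` and `key_matches_cert` on each result; a certificate that fails either check would not be usable as the local cert for the peer that trusts that root.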