ck8882
New Contributor II

How to setup custom certificate for between FGT and FMG communication

Hi all,

May I know how to set up a custom certificate for communication between FGT and FMG instead of using the built-in cert? My scenario is a private CA, so currently I have tried to use FAC to sign the FGT and FMG CSRs.

 

I found a link https://community.fortinet.com/t5/FortiManager/Technical-Tip-Setup-custom-certificate-for-FGFM-proto...

However, I do not really understand the steps. Could anyone elaborate on them below? Thanks

Example:

FortiManager side:

# config system global
    set fgfm-ca-cert "RootCA" <----- May I know, is this the Root CA exported from FAC?
    set fgfm-local-cert "cert_fmg" <--- May I know, is this local cert a CSR signed by FAC?
end

FortiGate side:

# config system central-management
    set local-cert "cert_fgt" <--- May I know, is this local cert a CSR signed by FAC?
    set ca-cert "RootCA" <---- May I know, is this the Root CA exported from FAC?
end

1 REPLY
ndumaj
Staff

Hello ck8882

Please review the link below; the scenario should be the same:
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-replace-default-SSLVPN-cer...

In this case the FGT is the web server and FMG is the client.
On the web server you have to generate a CSR signed by the Root CA, in this case FAC, and then you need to install the cert signed by the FAC into FGT.
On the other hand, the client FMG should have the Root CA installed in order to validate the FGT server certificate.

BR


- Happy to help, hit like and accept the solution -
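
The signing flow described in the reply can be rehearsed offline with OpenSSL standing in for FAC. This is an added example, not part of the original thread and not Fortinet's own procedure. It ends with the check worth running before importing each signed certificate: that it chains to RootCA and carries the public key from the CSR that device generated. The names RootCA, cert_fgt and cert_fmg come from the question; the helper functions, subjects and lifetimes are constructed.

```shell
#!/bin/sh
# Added example. OpenSSL plays the private CA (FAC on the page); subjects,
# key sizes and lifetimes are constructed sample values.

make_ca() {    # $1=dir $2=CA name: self-signed root
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

make_csr() {   # $1=dir $2=cert name: what the device does when it creates a CSR
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {   # $1=dir $2=cert name $3=CA name: what the CA does with the CSR
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# Pre-import check. Prints one of: ok | untrusted | csr-mismatch
check_cert() { # $1=dir $2=cert name $3=CA name
    # 1. The signed cert must chain to the CA the peer will be told to trust.
    openssl verify -CAfile "$1/$3.crt" "$1/$2.crt" >/dev/null 2>&1 \
        || { echo untrusted; return 0; }
    # 2. Its public key must be the one in the CSR this device generated,
    #    otherwise the device holds no matching private key.
    csr_pub=$(openssl req -in "$1/$2.csr" -noout -pubkey 2>/dev/null)
    crt_pub=$(openssl x509 -in "$1/$2.crt" -noout -pubkey 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ] \
        || { echo csr-mismatch; return 0; }
    echo ok
}

demo() {       # sign both device certs under one RootCA and check each
    d=$(mktemp -d)
    make_ca "$d" RootCA
    for c in cert_fgt cert_fmg; do
        make_csr "$d" "$c" && sign_csr "$d" "$c" RootCA
        echo "$c: $(check_cert "$d" "$c" RootCA)"
    done
    rm -rf "$d"
}
demo
```

A result of untrusted means the certificate was issued by a CA other than the one the peer is configured to trust; csr-mismatch means the signed file belongs to a different device's CSR.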