Support Forum
anderson-p-santos
New Contributor

Is it possible to add a wildcard certificate to FortiGate SSL VPN ?

Hi

 

I have SSL VPN configured and working using a Let's Encrypt certificate. It has been configured for a FQDN (vpn1.domain.com) that points to the IP address of the FortiGate port1 interface.

Now I have a second ISP connection on port2 and want to listen to SSL VPN connections on port2 also.

The FortiGate part is simple. Just add the interface to the "Listen on Interface(s)" field. The FortiClient part is also simple. Just add a second remote gateway using a new FQDN (vpn2.domain.com) that points to the port2 IP address.

But the server certificate used for the SSL VPN profile only names vpn1.domain.com. Whenever FortiClient connects to port2 (vpn2.domain.com), a certificate warning is issued.

Adding a wildcard certificate is not possible.

Is there any way to avoid this warning using a certificate issued by Let's Encrypt and managed by FortiOS (including automatic renewal)?

Or do I have to issue a wildcard certificate myself, load it into FortiGate and renew it myself?

 

Thanks in advance.

1 Solution
scan888
Contributor

Hello,

This situation is not possible to solve with ACME, because FortiGate only supports single domain name requests over ACME.

You have two options:

1. Buy a SAN certificate from a Certificate Authority (like GoDaddy).

2. Disable the certificate warning on the FortiClient.


- Have you found a solution? Then give your helper a "Like" and mark the solution.
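The warning the asker sees, and why the answer points at a SAN certificate, comes down to the hostname check every TLS client performs: the name the client dialled must match one of the certificate's Subject Alternative Name (DNS) entries. The following is an added example written for this thread, not FortiClient's or FortiOS's own code; it implements the usual RFC 6125 matching rules in pure Python and runs them over constructed stand-in certificates (plain lists of SAN DNS names, not real certificates) for the three cases discussed: the single-name ACME certificate, a SAN certificate listing both gateways, and the wildcard certificate the asker originally wanted.

```python
"""Hostname-vs-certificate matching as a TLS client such as FortiClient performs it.

Added example for this forum thread (not vendor code). Certificates are modelled as
lists of their SAN DNS names; all names below are constructed sample values.
"""


def dns_name_matches(pattern, hostname):
    """Return True if one SAN DNS entry covers the hostname.

    Rules as commonly implemented by TLS clients (RFC 6125):
    - comparison is case-insensitive and ignores a trailing dot;
    - a wildcard is allowed only as the entire leftmost label ("*.domain.com");
    - the wildcard matches exactly one label, so "*.domain.com" covers
      "vpn2.domain.com" but not "domain.com" or "a.b.domain.com";
    - a wildcard directly under a bare TLD ("*.com") is rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    # wildcard must be the whole leftmost label, with at least two labels after it
    if plabels[0] != "*" or len(plabels) < 3 or "*" in pattern[1:]:
        return False
    if len(plabels) != len(hlabels) or hlabels[0] == "":
        return False
    return plabels[1:] == hlabels[1:]


def certificate_covers(san_dns_names, hostname):
    """True if any SAN entry of the (modelled) certificate covers hostname."""
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


def gateway_check(san_dns_names, gateways):
    """Map each FortiClient remote gateway FQDN to whether the cert would be accepted."""
    return {g: certificate_covers(san_dns_names, g) for g in gateways}


# Constructed certificate contents for the scenario in the thread
SINGLE_NAME_CERT = ["vpn1.domain.com"]             # what single-domain ACME issues
SAN_CERT = ["vpn1.domain.com", "vpn2.domain.com"]  # option 1 in the answer
WILDCARD_CERT = ["*.domain.com"]                   # what the asker wanted

if __name__ == "__main__":
    gateways = ["vpn1.domain.com", "vpn2.domain.com"]
    for label, cert in [("single-name", SINGLE_NAME_CERT),
                        ("SAN", SAN_CERT),
                        ("wildcard", WILDCARD_CERT)]:
        print(label, gateway_check(cert, gateways))
```

Running it shows the single-name certificate accepted for vpn1.domain.com and rejected for vpn2.domain.com (the warning in the question), while both the SAN and the wildcard certificate cover both gateways. The wildcard rules are included so the reader can see that a wildcard is not a blanket match: it covers one label only and never the apex name, which is one reason a SAN certificate listing exactly the gateway FQDNs is the cleaner fix.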