AlftechCZ
New Contributor II

LetsEncrypt multi-SAN certificate (multi-Subject Alternative Names)

Hello,

How to solve multi-Subject Alternative Names in a LetsEncrypt certificate in FortiWeb? There is no way to insert more than one DNS name in a LetsEncrypt certificate.

We have a website with 15+ DNS alternative names.

Thank you for your reply.

AlftechCZ
New Contributor II

Wow, that means 20 webs per 10 alternate DNS names = 200 certificates + 200 SNI records... I think certificate issuing has some limits for one IP address issuer.

It may be big trouble, not just for us.

Please, can a ticket for solving this situation be entered with high priority?

The resolution is simple: entering the DNS + alternate DNS names in a separate input field and properly issuing on the LetsEncrypt servers, as is known from other certificate bots, I'd say (certbot, winacme).

Thank you

Ales

jintrah_FTNT

Hi,

 

This would be a feature request.

 

Best regards,

Jin

Marthen
New Contributor II

It's bad, but currently it's the only way in FortiWeb: create every single LetsEncrypt certificate and then group them in SNI.

I had already opened a ticket with support, and the answer was:

- I have checked internally with our developers. You will have to raise a new NFR "New Feature Request" through your Fortinet partner or sales representative.
- Currently, there's a workaround as follows:
  You can issue one LetsEncrypt certificate for each domain, and then add these LetsEncrypt certificates as SNI certificate members. Then the server-policy can use the SNI certificate.

Of course I didn't open an NFR - it's a waste of time with Fortinet - they care only about "big" requests that can make money... All my requests were denied.

... and configured my 40 letsencrypt certificates :(

 

Fortinet as usual

Martin_36

It's pretty bad that such "basic-features" are not implemented in such a product.

Open-source solutions like pfSense have had ACME support with up to 25 SANs in one single certificate for years now...

Marthen
New Contributor II

In the September release of FortiWeb (7.0.2) - LetsEncrypt: Multiple FQDNs are now supported in a single LetsEncrypt certificate.

Martin_36

Nice, Thx for the Info!

petep-cts
New Contributor

I'm encountering a comparable issue. My intention is to utilize the built-in Let's Encrypt option for FortiClient VPN users. Given that we have two ISPs, the SSL VPN is configured to listen on both interfaces. I've established two DNS A Records, but it seems that I can only use a single domain when using the cert creation wizard. Consequently, the backup IP won't have a valid certificate. Any recommendations or suggestions?
