Sign a FortiGate CSR with OpenSSL (Linux)
I'm trying to sign a CSR generated by a FortiGate FW. Unfortunately the signed certificate does not show as an option in the SSL inspection profile. Does anyone know how to sign the CSR with OpenSSL/Linux?
Hi @JP20xx
In order to use a certificate for an SSL inspection profile (whether it is certificate inspection/deep inspection), the respective certificate has to be a sub-CA certificate. This means that the certificate will need to have the Basic Constraints stating CA:TRUE. Some references that you can find in our community explain this:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/518006/using-a-ca-signed-certificate
I've not personally tried creating a sub-CA certificate using OpenSSL, but the following third-party steps look legit to me. You may want to give it a check:
https://mivilisnet.wordpress.com/2020/06/03/how-to-make-subordinate-ca-using-openssl/
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
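The CA:TRUE requirement from the reply above, as an added example that is not part of the thread and not Fortinet's own procedure: the same `openssl x509 -req` call issues a certificate without `CA:TRUE` unless it is given an extension file. The root CA, the stand-in CSR, all file and subject names, the validity periods, `pathlen:0` and the key usage values are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Every file name and subject below is a constructed placeholder.
set -e

# Throwaway root CA standing in for the CA you already sign with.
make_root_ca() {
  cat > "$1/root.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -sha256 \
    -config "$1/root.cnf" -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
}

# Stand-in for the CSR downloaded from the FortiGate (a real CSR's key stays on the device).
make_demo_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/root.cnf" \
    -subj "/CN=Example FortiGate Inspection CA" \
    -keyout "$1/demo.key" -out "$1/fgt.csr" 2>/dev/null
}

# Extensions that make the issued certificate a subordinate CA (values are this example's choice).
write_subca_ext() {
  cat > "$1/subca.ext" <<'EOF'
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# sign_csr DIR OUTFILE [extra openssl args]: sign DIR/fgt.csr with the root CA.
sign_csr() {
  dir=$1; out=$2; shift 2
  openssl x509 -req -in "$dir/fgt.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -days 825 -sha256 "$@" -out "$dir/$out" 2>/dev/null
}

# Succeeds only if the certificate carries Basic Constraints CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

d=$(mktemp -d); make_root_ca "$d"; make_demo_csr "$d"; write_subca_ext "$d"
sign_csr "$d" plain.crt; sign_csr "$d" fgt-subca.crt -extfile "$d/subca.ext"
for c in plain.crt fgt-subca.crt; do is_ca "$d/$c" && echo "$c: CA:TRUE" || echo "$c: not a CA"; done
```

For a real request, skip `make_demo_csr` and save the CSR from the FortiGate as `fgt.csr`; running `is_ca` on the result before importing it confirms the extension is present.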
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Generate-and-sign-certificates-using-OpenS...
If I'm not mistaken, you just need to follow step 1 then upload it to your FortiGate as CA certificate along with the private key.
