I have created a new certificate request for local certificates (using the GUI), using ECDSA p256 cryptographic parameters.
Then I signed it at my root CA with a template of subordinate CA (basic constraint cA:TRUE); and I imported the signed certificate back into the FG. Of course the certificate of the root CA is itself trusted by the FG.
However, the new certificate does not appear in the GUI along with the "local CA certificates" as I would expect, but rather along with the other "certificates." Is it correct, or is it a simple GUI bug?
I do know that at the CLI level all those certificates are handled jointly, so I do not believe this could have a functional impact. Also I am able to correctly select the new (sub) CA for deep inspection, and it works flawlessly.
Which version? In 6.2 I have the sub CA listed under: Remote CA Certificate
As I marked as a tag, I was seeing that on 6.0 (actually 6.0.11). However it seems to me the same thing is occurring on 6.2.5 as well: the sub-CA certificate which the device has the key for appears as "Local certificate".
Did you generate the private key for the subordinate CA on your device (as opposed to importing the Sub-CA certificate, along with its key, into the FortiGate)?
Also, I agree Sub-CA certificates for which the device does NOT have the private key would appear as "Remote CA"/"External CA" certificates, as one can expect (which is what confuses me, done for ones but not others.)
Yeah, sorry, didn't notice the tag.
Did some testing around this and you can make the argument it works OK, but you can also say it doesn't.
If you load a certificate with key it ends up at local.
If it is a root CA it shows up at local CAs, if it is an intermediate / subordinate CA it ends up at certificates. Doesn't seem to matter if a local key or imported key is used.
Contact your Fortinet sales contact and request the sub CA category in the GUI.
Copyright 2024 Fortinet, Inc. All Rights Reserved.