Hiroki
New Contributor II

Technical Tip How to download a certificate on FortiClient EMS cloud

We need to get a certificate on FortiClient EMS cloud because we want to connect our FortiGate and FortiClient EMS cloud (ZTNA).

 

We read a manual of FortiClient EMS cloud. The manual said "Configure FortiClient Cloud in Security Fabric > Settings > FortiClient Endpoint Management System (EMS) in FortiOS."

 

But our FortiGate cannot connect to FortiClient EMS cloud.

The error message is that certificate authentication failed.

So we want to download a certificate from FortiClient EMS cloud in order to import the FortiClient EMS cloud certificate on our FortiGate.

 

Please tell me how to download a certificate on FortiClient EMS Cloud.

I cannot find a download button on FortiClient EMS cloud.

Anthony_E
Community Manager

Hello Hiroki,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Hiroki,

 

Could you tell us which version you are using, please?

 

Regards,

Anthony-Fortinet Community Team.
Hiroki
New Contributor II

Thank you for the reply.

 

The OS versions are as follows.

Fortigate is 7.2.2.

Forticloud is 7.0.7.0398.

 

Thank you.

Anthony_E
Community Manager

Hello Hiroki,

 

I have found this guide:

 

https://docs.fortinet.com/document/forticlient/7.0.4/ems-administration-guide/845200/ca-certificates

 

Could you please have a look and tell us if it helps?

 

Regards,

Anthony-Fortinet Community Team.
Hiroki
New Contributor II

Hello Anthony,

 

Thank you for the advice.

I tried it, but our FortiGate cannot connect to FortiClient EMS Cloud.

And I read the manual.

https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/319002/configuring-ems...

 

However, the items in the sharing settings are different from the manual.

The items are as follows.

 

Hiroki_0-1670893725524.png

Can FortiClient EMS Cloud connect to FortiGate?

 

Thank you. 

 

RachelGomez123
Contributor

To configure an automated SSL certificate in FortiClient EMS:

1. Go to System Settings > EMS Settings.
2. Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. Externally accessing EMS via ports 80 and 443 is possible using the configured fully qualified domain name (FQDN).
3. In the SSL certificate field, click the Import SSL certificate button.
4. Select Automated.
5. In the Domain field, enter the EMS FQDN. For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address.
6. In the Email field, enter a valid email address.
7. If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry.
8. Select the checkbox to agree to Let's Encrypt's terms of service.
9. Click Import.

To manually upload an SSL certificate in FortiClient EMS:

1. Go to System Settings > EMS Settings.
2. In the SSL certificate field, click the Import SSL certificate button.
3. Select Upload.
4. In the Certificate field, browse to and select the desired certificate.
5. In the Certificate Password field, configure the desired password for the certificate.
6. Click Upload.

Regards,

Rachel Gomez

Hiroki

Thank you for the advice.

 

However, we cannot find the HTTPS access setting.

I attach the configurable FortiClient EMS cloud screen below.

Hiroki_0-1670909075074.png

Br;

ikatutu
New Contributor

Did you find the solution for this issue yet? We have a similar issue with the FortiClient EMS cloud. Please let me know if you find a solution and what you did to fix it. Thank you so much.

btan

Hello,


Are you trying to set up the FGT<>EMS Cloud fabric connector? For EMS Cloud, both the FGT S/N and EMS Cloud must be registered under the same FortiCloud account to form a connector. I'd advise raising a ticket with TAC for them to check for you.

Regards,
Bon