Has anyone used OpenSSL to generate a CA signing certificate for use with the FortiGate to do HTTPS deep packet inspection instead of using the certificate that comes with the FortiGate? If so could you provide the syntax?
Thanks,
Please find below the commands to create a certificate using OpenSSL.

```sh
# Commands to generate the CA certificate and key
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 730 -key ca.key -out ca.crt

# Commands to generate the server certificate and key
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Commands to generate the client certificate and key
openssl genrsa -des3 -out client.key 1024
openssl req -key client.key -new -out client.csr
openssl x509 -req -days 730 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
```

The OpenSSL commands given above generate a root certificate and a server certificate.
For more information, please refer to the KB article below.
Thank you for the information. My understanding is that the FortiGate certificate needs to be able to re-sign a server certificate in order to do SSL deep packet inspection so the users don't get prompted with certificate warnings. Will your command to 'generate CA Certificate and KEY' do this?
You just need to create the root CA certificate, then create an intermediate CA certificate which will be signed by your root CA cert.
Hello PaulM1114,
OpenSSL is a very good tool, but everything is done over the CLI and you need to know what you are doing, the parameters, etc. Fortinet has a good step-by-step document for it.
Personally I prefer XCA: http://sourceforge.net/projects/xca/
It has a graphical user interface. You need to create a CA key and CA certificate. After that all the other certificates will be signed with this CA certificate.
Read the XCA documentation on how to use it. Once you have experience with XCA you will never use other software.
AtiT
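The root-plus-intermediate layout suggested in the thread, as an added example that is not part of any poster's reply: it builds a root CA and an intermediate CA that both carry `basicConstraints CA:TRUE` and `keyCertSign`, which is what lets the inspecting device re-sign server certificates, and then checks the result. The directory layout, subject names, lifetimes, 2048-bit key size and the helper names `make_inspection_ca`, `is_ca` and `chain_ok` are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Names, paths and lifetimes are constructed.
# Keys are written unencrypted (-nodes) so the demo is non-interactive;
# protect real CA keys with a passphrase and restrictive file permissions.

make_inspection_ca() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Self-contained config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_sub]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Root CA: self-signed; this is the certificate clients must trust.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -config "$dir/ca.cnf" -extensions v3_root -subj "/CN=Example Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    # Intermediate CA: key and CSR, then signed by the root with CA:TRUE.
    openssl req -new -newkey rsa:2048 -sha256 -nodes \
        -config "$dir/ca.cnf" -subj "/CN=Example Inspection CA" \
        -keyout "$dir/sub.key" -out "$dir/sub.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 1825 -in "$dir/sub.csr" \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/ca.cnf" -extensions v3_sub \
        -out "$dir/sub.crt" 2>/dev/null || return 1
}

# True when the certificate carries basicConstraints CA:TRUE (can sign others).
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True when cert $2 chains to the trusted root $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

A certificate issued with `x509 -req` and no `-extfile` does not get `CA:TRUE`, so `is_ca` returns false for it and it cannot act as a signing certificate.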
Copyright 2024 Fortinet, Inc. All Rights Reserved.