Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vishal
New Contributor

Created on ‎05-10-2022 05:47 AM

Wild card certificate for admin login gui

Hi all,

 

Will wild card certificate works for admin login GUI ?. Please note here im not generating any CSR and will import a wildcard cert provided by customer into fortigate local certificate and then in Settings>> Administrator settings. PFA imagefortigate admin certificate.jpg

 

Pls advise

Labels:
4093
0 Kudos
1 Solution
kvimaladevi
Staff
Staff
In response to vishal

Created on ‎05-12-2022 12:05 AM

Hi Vishal,

 

It is not mandatory for the CSR to be generated from Fortigate only. You can generate it from any 3rd party as well to get the certificate. As you already have the certificate, you can upload, it will work.

View solution in original post

4032
0 Kudos
10 REPLIES 10
kvimaladevi
Staff
Staff

Created on ‎05-10-2022 06:25 AM Edited on ‎05-10-2022 06:27 AM

Hi Vishal,

 

Yes you can install a wildcard certificate for the Fortigate Web UI. You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate.

Once you have that, you can upload it to the Fortigate following the below link:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/825073/purchase-and-import-a-signed-ssl-...

Instead of choosing CA certificate while uploading, you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the  HTTPS server certificate.

3539
vishal
New Contributor
In response to kvimaladevi

Created on ‎05-10-2022 09:53 AM

hi @kvimaladevi 

 

Thank for your reply. As per your statement "you can choose certificate and upload it. Once it is successfully uploaded, you can map it to the administrator GUI access in the GUI by changing the  HTTPS server certificate.Would i need to upload certificate in local certificate section  ?.

 

Also regarding statement "You can get the certificate bundle from your customer which will have the server, intermediate, root and private key that is chained and formed as a certificate." What will be certificate extension which i have to upload it ?

 

Pls response it would be a great help to me.

3531
0 Kudos
kvimaladevi
Staff
Staff
In response to vishal

Created on ‎05-11-2022 01:46 AM

Hi Vishal,

Yes, you can upload it in the local section. You will get an option to upload the certificate and the private key separately. You can have the private key alone in a separate file and upload it in the key file section, the other 3 in a different file(server, intermediate and root) and upload it as certificate. 

You can use .pem format. 

3523
0 Kudos
vishal
New Contributor
In response to kvimaladevi

Created on ‎05-11-2022 05:29 AM

Hi @kvimaladevi 

 

Sorry to say but it seems a little bit confusing to me.. Please share if do you have any video or my specific requirement article

3514
0 Kudos
kvimaladevi
Staff
Staff

Created on ‎05-11-2022 06:17 AM

Hi Vishal,

Let me explain it clearly. You will have the certificate bundle from your client. It will have server, intermediate, root and private key. Copy the server, intermediate and root certificates and paste it in a notepad and save it in .pem format. Similarly, copy the private key alone in a separate notepad and save it.

Please refer to the below picture:

certificate pic.PNG

In the certificate file option, upload the certificate, in the key file option, upload the key file. If your client has mentioned any password while generating the CSR, please mention that password in the password field. If there is no password, you can leave that blank and click OK.

Once this certificate is uploaded, you can map it to the administrator GUI access in the GUI by changing the HTTPS certificate to the upload certificate.

3511
0 Kudos
vishal
New Contributor
In response to kvimaladevi

Created on ‎05-11-2022 10:10 AM

@kvimaladevi 

 

Thank you for your explanation it really seems helpful. One last question.. as you mentioned "If your client has mentioned any password while generating the CSR" But i have not generated any CSR from fortigate and will directly upload wildcard cert into Fortigate. Hope it will work.

3503
0 Kudos
kvimaladevi
Staff
Staff
In response to vishal

Created on ‎05-11-2022 11:05 PM

Hi Vishal,

 

Initially while creating the certificate you would have generated a CSR and then would have given it to the CA. While generating if you have given any password, you can mention the same while uploading that certificate. If you have not given any password, you can ignore that field. 

3493
0 Kudos
vishal
New Contributor
In response to kvimaladevi

Created on ‎05-12-2022 12:02 AM

HI @kvimaladevi 

 

But CSR was not generated from Fortigate device. Will it still work if i upload it ?

3489
0 Kudos
kvimaladevi
Staff
Staff
In response to vishal

Created on ‎05-12-2022 12:05 AM

Hi Vishal,

 

It is not mandatory for the CSR to be generated from Fortigate only. You can generate it from any 3rd party as well to get the certificate. As you already have the certificate, you can upload, it will work.

4033
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.