Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
drenigoln
New Contributor

is there a way to pass own CA/root certificate to fortigate for DPI?

...per default there's the built in root CA certificate on the fortigate which is used for DPI, but can you issue your own root CA certificate for the fortigate using an internal PKI? Haven't found any articles or options in the GUI to do that...

Thanks!

Tweakbox Appvalley tutuapp
2 REPLIES 2
mzainuddinahm

Hello drenigoln,

 

Yes, you can use your own certificate- but it needs to be a CA (Certificate Authority) certificate (ie one that is capable of signing another certificate). The CA certificate is used to resign the certificates end users see.

 

If you have a look at the Fortinet_CA_SSL cert details you will see it has "CA:TRUE". That's what you need for your own certificate.

 

KB: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/530183/getting-the-certificate-signed-by...

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/645186/generating-a-csr-on-a-fortigate

 

Best Regards,

Mohammed Ahmed

 

 

 

MZA
sw2090
SuperUser
SuperUser

in addition to Mohammed,

 

there is even two ways to do that:

 

you can either create a Cerificate Request (CSR) in FGT gui and then sign that with your own CA or you can import a certificate chain (including the private key) as a whole.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors