Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

is there a way to pass own CA/root certificate to fortigate for DPI?

...per default there's the built in root CA certificate on the fortigate which is used for DPI, but can you issue your own root CA certificate for the fortigate using an internal PKI? Haven't found any articles or options in the GUI to do that...


Tweakbox Appvalley tutuapp

Hello drenigoln,


Yes, you can use your own certificate- but it needs to be a CA (Certificate Authority) certificate (ie one that is capable of signing another certificate). The CA certificate is used to resign the certificates end users see.


If you have a look at the Fortinet_CA_SSL cert details you will see it has "CA:TRUE". That's what you need for your own certificate.




Best Regards,

Mohammed Ahmed




Honored Contributor

in addition to Mohammed,


there is even two ways to do that:


you can either create a Cerificate Request (CSR) in FGT gui and then sign that with your own CA or you can import a certificate chain (including the private key) as a whole.



"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Top Kudoed Authors