- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is there a way to pass own CA/root certificate to fortigate for DPI?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello drenigoln,
Yes, you can use your own certificate- but it needs to be a CA (Certificate Authority) certificate (ie one that is capable of signing another certificate). The CA certificate is used to resign the certificates end users see.
If you have a look at the Fortinet_CA_SSL cert details you will see it has "CA:TRUE". That's what you need for your own certificate.
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/645186/generating-a-csr-on-a-fortigate
Best Regards,
Mohammed Ahmed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
in addition to Mohammed,
there is even two ways to do that:
you can either create a Cerificate Request (CSR) in FGT gui and then sign that with your own CA or you can import a certificate chain (including the private key) as a whole.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
