is there a way to pass own CA/root certificate to fortigate for DPI?

drenigoln · ‎12-27-2022

...per default there's the built in root CA certificate on the fortigate which is used for DPI, but can you issue your own root CA certificate for the fortigate using an internal PKI? Haven't found any articles or options in the GUI to do that...

Thanks!

Tweakbox Appvalley tutuapp

mzainuddinahm · ‎12-27-2022

Hello drenigoln,

Yes, you can use your own certificate- but it needs to be a CA (Certificate Authority) certificate (ie one that is capable of signing another certificate). The CA certificate is used to resign the certificates end users see.

If you have a look at the Fortinet_CA_SSL cert details you will see it has "CA:TRUE". That's what you need for your own certificate.

KB: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/530183/getting-the-certificate-signed-by...

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/645186/generating-a-csr-on-a-fortigate

Best Regards,

Mohammed Ahmed

MZA

sw2090 · ‎12-27-2022

in addition to Mohammed,

there is even two ways to do that:

you can either create a Cerificate Request (CSR) in FGT gui and then sign that with your own CA or you can import a certificate chain (including the private key) as a whole.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

is there a way to pass own CA/root certificate to fortigate for DPI?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website