Description
This article describes how to generate a web server certificate for the FortiManager or FortiAnalyzer using Windows PKI. This article covers how to set a server certificate installed on the FortiManager/FortiAnalyzer so that trusting connection can occur.
Solution
Generate a CSR toward the Certificate Authority as follows:
Give the SAN domain name and IP without spaces and separated by comma.
For example: DNS:fortinet.com,IP:1.1.1.1
For example: DNS:fortinet.com,IP:1.1.1.1
Select Download to get the CSR.
Extract the CSR and export it to the CS Certificate Authority.
Connect to the Certificate Authority.
Select Request a Certificate and advance certificate request.
Copy and paste the CSR request and use Web Server as Certificate Template as follows:
Download the certificate.
Download the generated certificate on the FortiManager or FortiAnalyzer.
The status of the certificate is now OK, as follows:
It is possible to install the root CA on the management station so that the Web Server can be validated.
To download the CA certificate, navigate to the certsrv and chose 'Download a CA certificate' and then 'Download CA certificate'.
Then use the imported Certificate into the FortiManager or FortiAnalyzer:
# config system admin setting
set admin_server_cert "FMG-Cert"
end
set admin_server_cert "FMG-Cert"
end
Once completed, import it in the CA repository.
Related article:
