FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
mdeparisse_FTNT
Article Id 197370

Description


This article describes how to generate a web server certificate for the FortiManager or FortiAnalyzer using Windows PKI. This article covers how to set a server certificate installed on the FortiManager/FortiAnalyzer so that trusting connection can occur.

Solution

 

Generate a CSR toward the Certificate Authority as follows:
 
 
Give the SAN domain name and IP without spaces and separated by comma.
For example: DNS:fortinet.com,IP:1.1.1.1
Select Download to get the CSR.
 
 
 
Extract the CSR and export it to the CS Certificate Authority.
 
 
Connect to the Certificate Authority.
 
 
Select Request a Certificate and advance certificate request.
 
Copy and paste the CSR request and use Web Server as Certificate Template as follows:
 
 
 
Download the certificate.
 
 
 
Download the generated certificate on the FortiManager or FortiAnalyzer.
 
 
 
The status of the certificate is now OK, as follows:
 
 
 
It is possible to install the root CA on the management station so that the Web Server can be validated.
 
To download the CA certificate, navigate to the certsrv and chose 'Download a CA certificate' and then 'Download CA certificate'.
 
 
 
Then use the imported Certificate into the FortiManager or FortiAnalyzer:
 
# config system admin setting
      set admin_server_cert "FMG-Cert"
   end
 
Once completed, import it in the CA repository.
 
 
Related article: