We are in the process on testing fortiweb to eventually deploy a vm-based solution.
For now, I have something working, and I am able to pass trafic trough the fortiweb (reverse proxy mode) to access the webserver I am user for now.
I was able to add certificate, and use SNI to access different websites on that server.
So, when a certificate is about to expire or need to be replace, I cannot import the new certificate, nor the certificate/key pair. I get an error that it exists and need to delete first. I cannot delete a given certificat since it's used in an SNI list.
So how are-we suppose to replace existing certs that are being used ? If do it by hand, best case it'll take like 30 seconds. During that time, clients would get another cert or an error. That's not verry acceptable.
I could always use the API to do it quickly in a second or so. But I would need to delete that cert from the SNI policy, and I haven't figured how, then delete the cert, re-upload the new cert, and then re-add the cert to the SNI policy.
Speaking of wich, is there a more detailed documentation of the API, as for what is the syntax to be used for each call ? I only found a quick reference basicly listing the possible calls.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.