Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.2.2 Handbook
    7.2.2
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Importing intermediate CAs

    Importing intermediate CAs

    An intermediate CA store is for the intermediate CA certificates that back-end servers would normally use to complete the chain of server certificates, if any. HTTPS transactions use intermediate CAs when the server certificate is signed by an intermediate certificate authority (CA) rather than a root CA.

    In FortiADC, a root CA can be imported as an "intermediate CA".

    Before you begin, you must:

    • Have Read-Write permission for System settings.
    • Know the URL of an SCEP server or have downloaded the certificate and key files and be able to browse to them so that you can upload them.
    To import an intermediate CA:
    1. Go to System > Certificate > Manage Certificates.
    2. Click the Intermediate CA tab.
    3. Click Import to display the configuration editor.
    4. Complete the configuration as described in Intermediate CA import configuration.
    5. Click Save when done.
    6. Repeat Steps 3 through 5 to import as many intermediate CAs as needed.

    Intermediate CA import configuration
    Settings Guidelines
    Certificate Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.The maximum length is 35 characters. After you initially save the configuration, you cannot edit the name.
    Import Method
    • SCEP—Use Simple Certificate Enrollment Protocol. SCEP allows routers and other intermediary network devices to obtain certificates.
    • File—Upload a file.
    SCEP
    SCEP URL Specify the URL of the SCEP Server.
    CA Identifier Enter the identifier of the CA on the SCEP server, if applicable.
    File
    Certificate File Browse for and upload the the certificate file on the local machine.
    Key File

    Browse for the corresponding PEM key file that you want to upload.

    Note: Both a certificate file and key file are required for the intermediate CA used in SSL decryption by the forward proxy.
    Password Password to encrypt the files in local storage.
    Previous
    Next

    Importing intermediate CAs

    Importing intermediate CAs

    An intermediate CA store is for the intermediate CA certificates that back-end servers would normally use to complete the chain of server certificates, if any. HTTPS transactions use intermediate CAs when the server certificate is signed by an intermediate certificate authority (CA) rather than a root CA.

    In FortiADC, a root CA can be imported as an "intermediate CA".

    Before you begin, you must:

    • Have Read-Write permission for System settings.
    • Know the URL of an SCEP server or have downloaded the certificate and key files and be able to browse to them so that you can upload them.
    To import an intermediate CA:
    1. Go to System > Certificate > Manage Certificates.
    2. Click the Intermediate CA tab.
    3. Click Import to display the configuration editor.
    4. Complete the configuration as described in Intermediate CA import configuration.
    5. Click Save when done.
    6. Repeat Steps 3 through 5 to import as many intermediate CAs as needed.

    Intermediate CA import configuration
    Settings Guidelines
    Certificate Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.The maximum length is 35 characters. After you initially save the configuration, you cannot edit the name.
    Import Method
    • SCEP—Use Simple Certificate Enrollment Protocol. SCEP allows routers and other intermediary network devices to obtain certificates.
    • File—Upload a file.
    SCEP
    SCEP URL Specify the URL of the SCEP Server.
    CA Identifier Enter the identifier of the CA on the SCEP server, if applicable.
    File
    Certificate File Browse for and upload the the certificate file on the local machine.
    Key File

    Browse for the corresponding PEM key file that you want to upload.

    Note: Both a certificate file and key file are required for the intermediate CA used in SSL decryption by the forward proxy.
    Password Password to encrypt the files in local storage.
    Previous
    Next