Install certificates
To install a wildcard certificate on FortiAuthenticator:
- Go to Certificate Management > Certificate Authorities > Trusted CA.
  Import a trusted root/intermediate public CA certificate in order to support your wildcard certificate.
- In Certificate Management > End Entities > Local Services, click Import, select Certificate and Private Key, and import your domain wildcard certificate as *domainname. For example, *fortixpert.com.
To generate a Certificate Signing Request (optional):
The following steps are optional and can be done if the server certificate matching the FortiAuthenticator FQDN is not yet available.
- In Certificate Management > End Entities > Local Services, select the Create New button.
  Configure the following settings:
  - Under Create New Server Certificate, set the Certificate ID to your certificate name, for example, fac.fortixpert.com.
  - Under Subject Information, configure the Name, Department, Company, City, State/Province, Country and Email Address for your certificate.
  - (Optional) If you are using a self-signed certificate on FortiAuthenticator, add a Subject Alternative Name (SAN) matching the FQDN under Subject Alternative Name.
  - (Optional) Under Advanced Options: Key Usages, choose all Key Usages and Extended Key Usages.
  - All other fields can be left in their default state. Click OK to save your changes.
- Export the pending CSR by selecting the pending entry and then clicking Export Certificate. Use the downloaded certificate-name.csr file to obtain a certificate from a public CA.
- Import the signed certificate file from the public CA by selecting Import and uploading the certificatename.cer file.
To install local service certificates:
- Go to Certificate Management > Certificate Authorities > Trusted CA.
  Upload the trusted root/intermediate public CA certificates in order to support your host/server certificate.
- Under Certificate Management > End Entities > Local Services, Import your publicly signed host/server certificate matching the FQDN (for example, fac.fortixpert.com) along with the matching private key.
- Under System > Administration > System Access > GUI Access, configure the following:
  - For HTTPS Certificate, select the server certificate matching the device FQDN from the dropdown box.
  - For CA Certificate, select the Root CA certificate that was used to sign the host/server certificate selected above.
- Select OK.
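
Before importing in either procedure above, the certificate, private key and CA bundle can be checked for consistency offline. The script below is an added example, not part of the FortiAuthenticator documentation; it assumes PEM-encoded files and the openssl command-line tool, and its function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for a server certificate, key and CA bundle.
# Assumes PEM files and the openssl CLI; function names are hypothetical.

# Succeeds when the private key belongs to the certificate (same public key).
key_matches_cert() {  # $1 = certificate, $2 = private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when the certificate chains to the trusted root/intermediate bundle.
chain_verifies() {  # $1 = CA bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when the certificate's names cover the FQDN (openssl prints
# "does match certificate" or "does NOT match certificate").
cert_covers_fqdn() {  # $1 = certificate, $2 = FQDN
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs all three checks; returns non-zero if any of them fails.
preimport_check() {  # $1 = CA bundle, $2 = certificate, $3 = key, $4 = FQDN
    rc=0
    key_matches_cert "$2" "$3" || { echo "FAIL: key does not match certificate"; rc=1; }
    chain_verifies "$1" "$2" || { echo "FAIL: certificate does not chain to $1"; rc=1; }
    cert_covers_fqdn "$2" "$4" || { echo "FAIL: certificate does not cover $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$rc"
}

# Constructed sample data: a throwaway CA and a leaf with one SAN, written to $1.
make_sample() {  # $1 = existing directory, $2 = SAN DNS name
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.pem &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-leaf" \
          -keyout leaf.key -out leaf.csr &&
      printf 'subjectAltName=DNS:%s\n' "$2" > san.ext &&
      openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -days 1 -extfile san.ext -out leaf.pem ) >/dev/null 2>&1
}

# Stand-alone use: sh precheck.sh ca.pem cert.pem key.pem fac.fortixpert.com
if [ "$#" -eq 4 ]; then preimport_check "$@"; fi
```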