FortiGate can push certificate authority (CA) certificates directly to EMS once it establishes communication with EMS. You no longer have to manually import CA certificates from FortiGate to EMS.
The following instructions assume that FortiGate, EMS, and a FortiClient (Windows) endpoint are already operating as components of a Fortinet Security Fabric. FortiClient is connected to EMS.
Create an EMS Fabric connector in FortiOS:
- In FortiOS, go to Security Fabric > Fabric Connectors.
- Click Create New.
- Create a new Fabric connector for EMS.
Configure EMS to import the certificates:
- In EMS, go to Administration > Fabric Devices.
- Authorize the connection request from the FortiGate.
- Once the connection succeeds, EMS automatically imports FortiGate CA certificates. To verify this, go to Endpoint Policy & Components > CA Certificates. This pane lists certificates under the FortiGate serial number.
- Go to Endpoint Profiles > Manage Profiles.
- Select the profile that is applied to the endpoint.
- On the System Settings tab, enable Install CA Certificate on Client. Once enabled, the field displays the imported FortiGate certificates. Select the desired certificates to distribute to the endpoints.
- Click Save.
- After the endpoint receives the profile updates from EMS, open the Manage Computer certificates/Manage User certificates console on the endpoint.
- Go to Trusted Root Certification Authorities > Certificates.
- Confirm that the selected certificates are installed.
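
The endpoint check in the last three steps can also be scripted. The following PowerShell is an added example, not part of the Fortinet documentation. It assumes the CA certificates selected in the profile have been exported to `.cer` or `.crt` files in a folder on the endpoint; the path `C:\Temp\fgt-ca` and the function name `Test-PushedCaCert` are hypothetical.

```powershell
# Added example: confirm that CA certificates distributed by EMS are present
# in the endpoint's Trusted Root Certification Authorities stores.
# Assumption: the certificates were exported to .cer/.crt files in $CertDir
# (the default path below is hypothetical).
function Test-PushedCaCert {
    param(
        [string]$CertDir = 'C:\Temp\fgt-ca'
    )

    # Thumbprints currently trusted in the computer and user root stores,
    # the same stores shown by the two certificate management consoles.
    $machineRoot = (Get-ChildItem -Path Cert:\LocalMachine\Root).Thumbprint
    $userRoot    = (Get-ChildItem -Path Cert:\CurrentUser\Root).Thumbprint

    $files = Get-ChildItem -Path $CertDir -File |
        Where-Object { $_.Extension -in '.cer', '.crt' }

    foreach ($file in $files) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)

        # A certificate installed as a trust anchor should carry CA=TRUE
        # in its Basic Constraints extension.
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            IsCA          = [bool]($bc -and $bc.CertificateAuthority)
            Expired       = $cert.NotAfter -lt (Get-Date)
            InMachineRoot = $cert.Thumbprint -in $machineRoot
            InUserRoot    = $cert.Thumbprint -in $userRoot
        }
    }
}

Test-PushedCaCert | Format-Table -AutoSize
```

A certificate that shows `False` for both `InMachineRoot` and `InUserRoot` has not reached the endpoint's trusted root store. Matching on thumbprint rather than subject name avoids accepting a different certificate that happens to share the same subject.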