Adding an SSL certificate to FortiClient EMS
You can add an SSL certificate to FortiClient EMS in one of the following ways:
The public Let's Encrypt certificate authority uses the Automated Certificate Management Environment (ACME) as defined in RFC 8555 to provide free SSL server certificates. You can configure FortiClient EMS to use certificates that Let's Encrypt manages and other certificate management services that use the ACME protocol.
Manually upload an SSL certificate.
To configure an automated SSL certificate in FortiClient EMS:
- Go to System Settings > EMS Settings.
- Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. Externally accessing EMS via ports 80 and 443 using the configured fully qualified domain name (FQDN) is possible.
- In the SSL certificate field, click the Import SSL certificate button.
- Select Automated.
- In the Domain field, enter the EMS FQDN. For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address.
- In the Email field, enter a valid email address.
- If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry.
- Select the checkbox to agree to Let's Encrypt's terms of service.
- Click Import.