CA Certificates
If FortiOS is connected to EMS using the EMS API, deep inspection is enabled, and the Fabric connection between FortiOS and FortiClient EMS has already been configured, EMS automatically imports the FortiOS CA certificate. You then only need to apply the certificate in the desired endpoint profile. See System Settings. In this scenario, you do not need to manually upload or import CA certificates to EMS.
If you manually delete the imported certificate from EMS, EMS does not automatically reimport the certificate from FortiOS, even when EMS and FortiOS remain connected via the Fabric connector. EMS also does not automatically delete an already imported certificate if the Fabric connection between FortiOS and EMS is removed.
If FortiOS is not sending the CA certificate to EMS, you can manually upload or import CA certificates as the following describes.
After uploading or importing a certificate, you must configure it in a profile using the Install CA Certificate on Client option to provision it to endpoints. See System Settings.
To upload a CA certificate:
You can locally upload a CA certificate.
- Go to Endpoint Policy & Components > CA Certificates.
- Select Upload.
- In the Upload Local Certificate window, click Browse and locate the certificate.
- Click Upload.
To import a CA certificate:
- Go to Endpoint Policy & Components > CA Certificates.
- Select Import.
- In the Import Certificates from FortiGate window, enter the following information:
Enter the server IP/hostname in the following format:
<ip address> : <port>
.VDOM
Enter the VDOM name.
Username
Enter the username.
Enter the password.
- Click Import to import the certificate.