Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Cookbook

    6.2.10
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.0
    6.0.0
    5.6.0
    5.4.0

    FortiGate VM unique certificate

    FortiGate VM unique certificate

    To safeguard against certificate compromise, FortiGate VM and FortiAnalyzer VM use the same deployment model as FortiManager VM where the license file contains a unique certificate tied to the serial number of the virtual device.

    A hardware appliance usually comes with a BIOS certificate with a unique serial number that identifies the hardware appliance. This built-in BIOS certificate is different from a firmware certificate. A firmware certificate is distributed in all appliances with the same firmware version.

    Using a BIOS certificate with a built-in serial number provides a high trust level for the other side in X.509 authentication.

    Since a VM appliance has no BIOS certificate, a signed VM license can provide an equivalent of a BIOS certificate. The VM license assigns a serial number in the BIOS equivalent certificate. This gives the certificate an abstract access ability, which is similar to a BIOS certificate with the same high trust level.

    Note

    This feature is only supported in new, registered VM licenses.

    Sample configurations

    Depending on the firmware version and VM license, the common name (CN) on the certificate will be configured differently.

    To view validated certificates:
    1. Go to System > Certificates.
    2. Double-click on a VM certificate. There are two VM certificates:
      • Fortinet_Factory
      • Fortinet_Factory_Backup

      The Certificate Detail Information window displays.

      • If you are using new firmware (6.2.0 and later) with a new VM license, the CN becomes the FortiGate VM serial number.

      • If you are using new firmware (6.2.0) with an old VM license, the CN remains as FortiGate. It does not change to the VM serial number.

      • If you are using old firmware (6.0.2) with a new VM license, the CN remains as FortiGate.

    Previous
    Next

    FortiGate VM unique certificate

    FortiGate VM unique certificate

    To safeguard against certificate compromise, FortiGate VM and FortiAnalyzer VM use the same deployment model as FortiManager VM where the license file contains a unique certificate tied to the serial number of the virtual device.

    A hardware appliance usually comes with a BIOS certificate with a unique serial number that identifies the hardware appliance. This built-in BIOS certificate is different from a firmware certificate. A firmware certificate is distributed in all appliances with the same firmware version.

    Using a BIOS certificate with a built-in serial number provides a high trust level for the other side in X.509 authentication.

    Since a VM appliance has no BIOS certificate, a signed VM license can provide an equivalent of a BIOS certificate. The VM license assigns a serial number in the BIOS equivalent certificate. This gives the certificate an abstract access ability, which is similar to a BIOS certificate with the same high trust level.

    Note

    This feature is only supported in new, registered VM licenses.

    Sample configurations

    Depending on the firmware version and VM license, the common name (CN) on the certificate will be configured differently.

    To view validated certificates:
    1. Go to System > Certificates.
    2. Double-click on a VM certificate. There are two VM certificates:
      • Fortinet_Factory
      • Fortinet_Factory_Backup

      The Certificate Detail Information window displays.

      • If you are using new firmware (6.2.0 and later) with a new VM license, the CN becomes the FortiGate VM serial number.

      • If you are using new firmware (6.2.0) with an old VM license, the CN remains as FortiGate. It does not change to the VM serial number.

      • If you are using old firmware (6.0.2) with a new VM license, the CN remains as FortiGate.

    Previous
    Next