FortiOS leverages certificates in multiple areas, such as VPNs, administrative access, and deep packet inspection. This section contains topics about uploading certificates and provides examples of how certificates may be used to encrypt and decrypt communications, and represent the identity of the FortiGate. This sections assumes the reader has a high level understanding of the public key infrastructure (PKI) system, particularly how entities leverage trusted certificate authorities (CAs) to verify the authenticating party, and how public and private certificate keys work to secure communications.
The certificates feature is hidden by default in FortiOS. In the GUI, go to System > Feature Visibility and enable Certificates.
The following topics provide an overview of how to add certificates to the FortiGate:
- Uploading a certificate using the GUI
- Uploading a certificate using the CLI
- Uploading a certificate using an API
The following topics provide examples of how to use certificates:
- Configuring certificates for SAML SSO
- FortiClient EMS
- Microsoft CA deep packet inspection
- Procure and import a signed SSL certificate
- Protecting an SSL server
- Provision a trusted certificate with Let's Encrypt
- Site-to-site VPN with digital certificate
- SSL VPN with certificate authentication
- SSL VPN with LDAP-integrated certificate authentication