Fortinet white logo
Fortinet white logo

FortiIsolator certificates

FortiIsolator certificates

The FortiIsolator CA certificate is required for access to the FortiIsolator from the browser. The CA certificate then auto-generates a matching server certificate for accessing the FortiIsolator database and a matching management certificate for accessing the FortiIsolator GUI. By default, the built-in FortiIsolator CA certificate is used. You can also generate or upload a custom CA certificate to meet your needs. However, you can revert to the default CA certificate anytime. For custom CA certificates, you can also upload a custom server or management certificate that is a match of the custom CA certificate.

The FortiIsolator CA certificate must be installed on each device that uses the FortiIsolator to visit websites unless you use a global CA certificate that grants global access to websites at browser level.

You can manage the FortiIsolator CA certificate and the associated server and management certificates in the Dashboard of the administration portal by clicking the Manage link near FortiIsolator Certificates in the System Information widget.

To revert to the default CA certificate and the matching server and management certificates:
  1. In the Re-Generate Isolator certificates section, click the link in Click here to generate Default Isolator certificates.
  2. The default CA certificate and the matching server and management certificates will be restored and the FortiIsolator will reboot, which might take a few minutes.

To use a custom-generated CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section below) before switching to a new one.

  1. In the Re-Generate Isolator certificates section, click the link in Click here to generate Isolator certificates.
  2. Specify the values of the certificate attributes and click OK. Bold indicate required attributes.
To back up the current CA certificate or the matching server or management certificates:
  1. In the Backup CA certificate section, depending on the certificate you want to back up, click the link in one of the following:
    • Click here to save CA certificate
    • Click here to save Isolator Server certificate
    • Click here to save Management Server certificate
  2. This will save the certificate into a ca.tgz file into your local system. You can store it in a secure place for when you need to restore the certificate.

To use a local CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section above) before switching to a new one.

  1. Depending on the file type of the local certificate, go to the Restore CA certificates by tgz file or Restore CA certificates by files section.
  2. Click Choose File to upload the local CA certificate file(s).

    Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  3. Specify the password(s), if any.
  4. Click Restore.
  5. Click OK.
  6. The local CA certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

    If the CA certificate is a global CA certificate that grants global access to websites at browser level, follow the next two sections to upload the corresponding server certificate and management certificate for the whole certificate chain to work.

To use a local server certificate:
  1. In the Restore Server certificates by files, click Choose File to upload the certificate and key.

    Make sure the server certificate is a match of the current CA certificate. Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  2. Specify the password and domain name, if any.
  3. Click Restore.
  4. Click OK.

    The local server certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

To use a local management certificate:
  1. In the Restore Management certificates by files, click Choose File to upload the certificate and key.

    Make sure the management certificate is a match of the current CA certificate. Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  2. Click Restore.
  3. Click OK.

    The local management certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

Note

For information about other certificate types, such as self-signed SSL certificates for a specific server or website or certificates used between FortiIsolator and FortiProxy or SAML servers, see Certificates.

FortiIsolator certificates

FortiIsolator certificates

The FortiIsolator CA certificate is required for access to the FortiIsolator from the browser. The CA certificate then auto-generates a matching server certificate for accessing the FortiIsolator database and a matching management certificate for accessing the FortiIsolator GUI. By default, the built-in FortiIsolator CA certificate is used. You can also generate or upload a custom CA certificate to meet your needs. However, you can revert to the default CA certificate anytime. For custom CA certificates, you can also upload a custom server or management certificate that is a match of the custom CA certificate.

The FortiIsolator CA certificate must be installed on each device that uses the FortiIsolator to visit websites unless you use a global CA certificate that grants global access to websites at browser level.

You can manage the FortiIsolator CA certificate and the associated server and management certificates in the Dashboard of the administration portal by clicking the Manage link near FortiIsolator Certificates in the System Information widget.

To revert to the default CA certificate and the matching server and management certificates:
  1. In the Re-Generate Isolator certificates section, click the link in Click here to generate Default Isolator certificates.
  2. The default CA certificate and the matching server and management certificates will be restored and the FortiIsolator will reboot, which might take a few minutes.

To use a custom-generated CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section below) before switching to a new one.

  1. In the Re-Generate Isolator certificates section, click the link in Click here to generate Isolator certificates.
  2. Specify the values of the certificate attributes and click OK. Bold indicate required attributes.
To back up the current CA certificate or the matching server or management certificates:
  1. In the Backup CA certificate section, depending on the certificate you want to back up, click the link in one of the following:
    • Click here to save CA certificate
    • Click here to save Isolator Server certificate
    • Click here to save Management Server certificate
  2. This will save the certificate into a ca.tgz file into your local system. You can store it in a secure place for when you need to restore the certificate.

To use a local CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section above) before switching to a new one.

  1. Depending on the file type of the local certificate, go to the Restore CA certificates by tgz file or Restore CA certificates by files section.
  2. Click Choose File to upload the local CA certificate file(s).

    Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  3. Specify the password(s), if any.
  4. Click Restore.
  5. Click OK.
  6. The local CA certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

    If the CA certificate is a global CA certificate that grants global access to websites at browser level, follow the next two sections to upload the corresponding server certificate and management certificate for the whole certificate chain to work.

To use a local server certificate:
  1. In the Restore Server certificates by files, click Choose File to upload the certificate and key.

    Make sure the server certificate is a match of the current CA certificate. Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  2. Specify the password and domain name, if any.
  3. Click Restore.
  4. Click OK.

    The local server certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

To use a local management certificate:
  1. In the Restore Management certificates by files, click Choose File to upload the certificate and key.

    Make sure the management certificate is a match of the current CA certificate. Only “Base-64 encoded X.509 (.cer)” format certificates are supported.

  2. Click Restore.
  3. Click OK.

    The local management certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

Note

For information about other certificate types, such as self-signed SSL certificates for a specific server or website or certificates used between FortiIsolator and FortiProxy or SAML servers, see Certificates.