Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Examples

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Configuring FortiManager to deploy certificates for admin GUI access

    Configuring FortiManager to deploy certificates for admin GUI access

    The steps for deploying an end-entity certificate for admin GUI access are as follows:

    1. Creating the certificate for administrator web access

    2. Uploading the certificate to FortiManager

    3. Apply the certificate to the FortiGate in FortiManager

    4. Install the certificate

    5. Verify the certificate was installed correctly

    Creating the certificate for administrator web access

    When selecting a certificate to secure HTTPS access, there are a few options you may consider. This example utilizes a wildcard certificate so that it may be applied to several FortiGates in the same domain, such as FGT1.domain.com, FGT2.domain.com, etc.

    This wildcard certificate is signed by the same CA used to sign the intermediate CA used by SSL/SSH inspection.

    To create the certificate on FortiAuthenticator:

    1. Navigate to Certificate Management > End Entities > Users.

    2. Select + Create New.

    3. Provide details for your FortiGate certificate.

    4. Expand Advanced Options: Key Usages and add Server Authentication to the Chosen Extended Key Usages.

    5. Select OK to save the certificate.
    6. Select the generated certificate using the checkbox, and click Export Key and Cert.
    7. Provide a passphrase and click OK.
    8. Click Download PKCS#12 file to download the certificate.

    Uploading the certificate to FortiManager

    To upload the certificate to FortiManager:

    1. Navigate to Policy & Objects > Advanced.

    2. From the top menu bar, select Tools > Feature Visibility, and under Advanced enable Dynamic Local Certificate.

    3. Select Dynamic Local Certificate from the top.

    4. Select +Create New in the top left.

    5. Specify a name for the certificate.

    6. Expand Per-Device Mapping and select Create New to create a new mapping.

    7. Select the target FortiGate for Mapped device.

    8. Select Import next to Import Certificate.

    9. Select Local Certificate for Type.

    10. Upload the file by browsing or drag-and-dropping the certificate.

    11. Specify the name for the certificate.

    12. Select OK.

      Tooltip

      If the newly uploaded certificate does not appear in the dropdown for Local Certificate, select OK, then select the mapped device and edit once more.

    13. Use the Local Certificate dropdown to select the newly uploaded certificate.

    14. Select OK to save the per-device mapping.

    15. Provide a change note and select OK to save the dynamic local certificate.

    Apply the certificate to the FortiGate in FortiManager

    To apply the certificate to the FortiGate in FortiManager:

    1. Navigate to Device & Groups, and select the FortiGate you wish to install the certificate on.

    2. Select System: Settings from the top menu bar.

    3. Under Administration Settings, use the dropdown next to HTTPS Server Certificate to select the certificate you uploaded in the previous step.

    4. Select Apply.

    Install the certificate

    To install the certificate on the FortiGate:

    1. Select Install Wizard from the top menu bar

    2. Select Install Device Settings (only) and click Next.

    3. Select the device you wish to install the certificate on, and click Next.

    4. If the connection is up, proceed by clicking Install.

      • You may wish to review the Install Preview to ensure all changes are as expected prior to installing.

    5. Select Finish when the installer completes.

    Verify the certificate was installed correctly

    To verify the certificate was successfully installed on FortiGate:

    1. Navigate to the FortiGate’s GUI web page. This should match the SAN field of the certificate.

    2. Notice how the connection is secure, and the certificate used to secure the connection is the same certificate you configured in the previous steps.

    Previous
    Next

    Configuring FortiManager to deploy certificates for admin GUI access

    Configuring FortiManager to deploy certificates for admin GUI access

    The steps for deploying an end-entity certificate for admin GUI access are as follows:

    1. Creating the certificate for administrator web access

    2. Uploading the certificate to FortiManager

    3. Apply the certificate to the FortiGate in FortiManager

    4. Install the certificate

    5. Verify the certificate was installed correctly

    Creating the certificate for administrator web access

    When selecting a certificate to secure HTTPS access, there are a few options you may consider. This example utilizes a wildcard certificate so that it may be applied to several FortiGates in the same domain, such as FGT1.domain.com, FGT2.domain.com, etc.

    This wildcard certificate is signed by the same CA used to sign the intermediate CA used by SSL/SSH inspection.

    To create the certificate on FortiAuthenticator:

    1. Navigate to Certificate Management > End Entities > Users.

    2. Select + Create New.

    3. Provide details for your FortiGate certificate.

    4. Expand Advanced Options: Key Usages and add Server Authentication to the Chosen Extended Key Usages.

    5. Select OK to save the certificate.
    6. Select the generated certificate using the checkbox, and click Export Key and Cert.
    7. Provide a passphrase and click OK.
    8. Click Download PKCS#12 file to download the certificate.

    Uploading the certificate to FortiManager

    To upload the certificate to FortiManager:

    1. Navigate to Policy & Objects > Advanced.

    2. From the top menu bar, select Tools > Feature Visibility, and under Advanced enable Dynamic Local Certificate.

    3. Select Dynamic Local Certificate from the top.

    4. Select +Create New in the top left.

    5. Specify a name for the certificate.

    6. Expand Per-Device Mapping and select Create New to create a new mapping.

    7. Select the target FortiGate for Mapped device.

    8. Select Import next to Import Certificate.

    9. Select Local Certificate for Type.

    10. Upload the file by browsing or drag-and-dropping the certificate.

    11. Specify the name for the certificate.

    12. Select OK.

      Tooltip

      If the newly uploaded certificate does not appear in the dropdown for Local Certificate, select OK, then select the mapped device and edit once more.

    13. Use the Local Certificate dropdown to select the newly uploaded certificate.

    14. Select OK to save the per-device mapping.

    15. Provide a change note and select OK to save the dynamic local certificate.

    Apply the certificate to the FortiGate in FortiManager

    To apply the certificate to the FortiGate in FortiManager:

    1. Navigate to Device & Groups, and select the FortiGate you wish to install the certificate on.

    2. Select System: Settings from the top menu bar.

    3. Under Administration Settings, use the dropdown next to HTTPS Server Certificate to select the certificate you uploaded in the previous step.

    4. Select Apply.

    Install the certificate

    To install the certificate on the FortiGate:

    1. Select Install Wizard from the top menu bar

    2. Select Install Device Settings (only) and click Next.

    3. Select the device you wish to install the certificate on, and click Next.

    4. If the connection is up, proceed by clicking Install.

      • You may wish to review the Install Preview to ensure all changes are as expected prior to installing.

    5. Select Finish when the installer completes.

    Verify the certificate was installed correctly

    To verify the certificate was successfully installed on FortiGate:

    1. Navigate to the FortiGate’s GUI web page. This should match the SAN field of the certificate.

    2. Notice how the connection is secure, and the certificate used to secure the connection is the same certificate you configured in the previous steps.

    Previous
    Next