Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Installing SSL Certificates

    Home FortiNAC 9.4.0 Installing SSL Certificates
    9.4.0
    9.4.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.0
    8.3.0

    Step 6: Apply Certificates to Secondary Server

    Step 6: Apply Certificates to Secondary Server

    UI Method

    Note: FortiNAC management processes are stopped twice using this method and may require a maintenance window.

    1. Force a failover to the Secondary Server.

      1. Login to the Secondary Server CLI as root and run the following command:

        hsIsSlaveActive

        Ensure slave is active is returned. If slave is inactive is returned, do not proceed. Contact Support for assistance.

        Example:

        > hsIsSlaveActive

        Host myFortinac

        SQL version 5.6.39,

        slave is active

    2. Run the following commands to start tailing logs in the Secondary Server CLI:

      logs

      tail –F output.processManager | grep –i “Slave In Control”

    3. In a window, login to Primary Server CLI as root and run the following command to stop processes and force failover:

      shutdownNAC -kill

      After roughly 3-5 minutes, the failover should complete. The Secondary Server CLI should return (Slave) Slave In Control Idle(false) in the log.

    4. Login to the Administration UI for the Secondary Server and install certificates using the steps in section Upload the Certificate to FortiNAC.

    5. In a window, login to Primary Server CLI as root and run the following command to
      restart processes in preparation to resume control:

      startupNAC

    6. Restore control to the Primary Server. Click the Resume Control button in the Summary Dashboard panel. This will take several minutes to complete.

    Previous
    Next

    Step 6: Apply Certificates to Secondary Server

    Step 6: Apply Certificates to Secondary Server

    UI Method

    Note: FortiNAC management processes are stopped twice using this method and may require a maintenance window.

    1. Force a failover to the Secondary Server.

      1. Login to the Secondary Server CLI as root and run the following command:

        hsIsSlaveActive

        Ensure slave is active is returned. If slave is inactive is returned, do not proceed. Contact Support for assistance.

        Example:

        > hsIsSlaveActive

        Host myFortinac

        SQL version 5.6.39,

        slave is active

    2. Run the following commands to start tailing logs in the Secondary Server CLI:

      logs

      tail –F output.processManager | grep –i “Slave In Control”

    3. In a window, login to Primary Server CLI as root and run the following command to stop processes and force failover:

      shutdownNAC -kill

      After roughly 3-5 minutes, the failover should complete. The Secondary Server CLI should return (Slave) Slave In Control Idle(false) in the log.

    4. Login to the Administration UI for the Secondary Server and install certificates using the steps in section Upload the Certificate to FortiNAC.

    5. In a window, login to Primary Server CLI as root and run the following command to
      restart processes in preparation to resume control:

      startupNAC

    6. Restore control to the Primary Server. Click the Resume Control button in the Summary Dashboard panel. This will take several minutes to complete.

    Previous
    Next