Step 3: Upload the Certificate to FortiNAC

Once the certificates are received from the CA, upload them to the applicable FortiNAC certificate targets (Admin UI, Captive Portal, Persistent Agent, RADIUS).

  • If the certificate files were a result of a CSR generated by FortiNAC, the files must be installed on FortiNAC for the target used to generate the CSR.

  • If the certificate was generated elsewhere, a private key must be provided with the certificate. Important: The private key cannot be password protected and must be in RSA format. To verify, see the related KB article Convert SSL private key to RSA format.

    Tip: If using the same certificate for multiple targets (Admin UI, Portal, Persistent Agent, etc.), first install the certificate in a target that’s easy to validate (such as the Admin UI). Once validated, the files can be copied to the other targets.

  1. Upload the valid SSL certificate to the appliance when the certificate file is returned from the CA. Certificate files can be returned to you in one of several configurations. Depending upon the CA, one or multiple certificate files may be returned.


  2. Save the file(s) received from the CA to your PC.

  3. Select System > Certificate Management.

  4. Click Upload Certificate.

  5. Select the target where the certificate will be uploaded. If the certificate files were a result of a CSR generated by FortiNAC, the files must be installed on FortiNAC for the target used to generate the CSR.

    Admin UI

    Local RADIUS Server (EAP)

    Persistent Agent

    Portal

    RADIUS Endpoint Trust

  6. For the Private Key, select the appropriate drop-down menu option:

    • Select Use Private Key from Last Generated CSR if the files received resulted from generating a CSR in FortiNAC (the certificate target must be the one used to generate the CSR).

    • Select Reuse Private Key from Existing Certificate to use the private key for the certificate currently in use. This option is for renewing an existing installed certificate.

    • Select Upload Private Key to upload a key stored outside FortiNAC. Click Choose to find and upload the private key.

  7. Click the Choose File button to find and select the certificate to be uploaded. Users can also upload CA certificates and CA bundles.

    Important: Upload any relevant intermediate certificate files needed for the creation of a complete certificate chain of authority. The Certificate Authority should be able to provide these files. Without a complete certificate chain of authority, the target functionality may produce error/warning messages.

  8. Click the Add Certificate button if multiple certificates were returned. Use this to enter each additional certificate file.

  9. Click OK.

  10. If the certificate was successfully installed, you will be prompted to restart the target’s services. Note: Only the service specific to the target is restarted. General FortiNAC operation is not interrupted.

    If unexpected behavior occurs, see Troubleshooting.

  11. Validate that the certificate is active. For example, if the certificate was installed in the Admin UI target, browse to the Administration UI:

    https://<FortiNAC hostname secured by certificate>:8443

    Important: Ensure the name used in the URL is the one specified in the certificate.

    Examine the certificate details in the browser (such as the security lock icon or whichever method is offered by that browser).

    If the connection is not shown as secure, verify that all intermediate and root certificates were included. See the related KB article Identify missing SSL certificates via administration UI.

    If unexpected behavior occurs, see Troubleshooting.
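
The private key requirement above (not password protected, RSA format) can be checked on the PC before choosing Upload Private Key in step 6. The following Python check is an added example, not Fortinet code: the function name is hypothetical, it assumes "RSA format" means a PEM file with the traditional `-----BEGIN RSA PRIVATE KEY-----` label, and the sample keys are constructed placeholders rather than real key material.

```python
import re

# Any PEM block whose label ends in "PRIVATE KEY".
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)

def check_private_key_pem(text):
    """Return (ok, reason) for the text of a PEM private key file."""
    m = _BLOCK.search(text)
    if m is None:
        return False, "no PEM private key block found (DER or PKCS#12 file?)"
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        return False, "PKCS#8 key is password protected"
    # Traditional OpenSSL encryption keeps the label and adds header lines.
    if re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE):
        return False, f"{label} is password protected"
    if label == "PRIVATE KEY":
        return False, "unencrypted PKCS#8; convert to RSA PRIVATE KEY first"
    # Assumption: "RSA format" on this page means this traditional label.
    if label != "RSA PRIVATE KEY":
        return False, f"{label} is not an RSA key"
    return True, "unencrypted RSA PRIVATE KEY"

def _pem(label, extra=""):
    # Constructed sample: the body is a placeholder, not real key material.
    body = "Q09OU1RSVUNURUQ="
    return f"-----BEGIN {label}-----\n{extra}{body}\n-----END {label}-----\n"

# Constructed inputs covering the cases the requirement rules in or out.
SAMPLES = {
    "pkcs1_plain": _pem("RSA PRIVATE KEY"),
    "pkcs1_encrypted": _pem(
        "RSA PRIVATE KEY",
        "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n",
    ),
    "pkcs8_plain": _pem("PRIVATE KEY"),
    "pkcs8_encrypted": _pem("ENCRYPTED PRIVATE KEY"),
    "ec_plain": _pem("EC PRIVATE KEY"),
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        ok, reason = check_private_key_pem(pem)
        print(f"{name:16} {'OK    ' if ok else 'REJECT'} {reason}")
```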
