Certificate usage
FortiProxy leverages certificates in multiple areas, such as administrative access, ZTNA, SAML authentication, LDAPs, VPNs, communication between Fortinet devices and services, deep packet inspection, and authenticating Security Fabric devices.
The default Fortinet factory self-signed certificates are provided to simplify initial installation and testing. Replace any used certificates with certificates that are signed by a trusted CA and specific to that FortiProxy
Certificates can be uploaded to the FortiProxy in multiple ways:
-
Automated Certificate Management Environment (ACME),
-
Simple Certificate Enrollment Protocol (SCEP),
-
Uploading a certificate in the GUI or CLI,
-
Creating a Certificate Signing Request (CSR), having it signed by a CA, then uploading the certificate.