FortiMail
Article Id 195502
Description
FortiMail units can generate digital certificate requests and import signed certificates for local use.
Components
  • FortiMail 2.8
Steps or Commands

FortiMail units can generate a certificate request based on the mandatory or optional information you enter to identify the FortiMail unit. Generated requests are displayed in the Local Certificates list with a status of pending. After you generate a certificate request, you can download the request to a computer that has management access to the FortiMail unit and then forward the request to a CA for signing.

To fill out a certificate request

  1. Go to System > Certificate > Local Certificate.
  2. Select Generate.
  3. Enter the subject (mandatory) and optional information needed to identify the FortiMail unit.
  4. Select OK.

The subject information provides the Distinguished Names (DNs) or Common Names (CNs) of local signed certificates. You can enter three types of subject information:

  • Host IP
    • Static Public IP - If the FortiMail unit has a static public IP address, select Host IP and enter the public IP address of the FortiMail unit.
    • Static Private IP – If the FortiMail unit has a static private IP address, select Host IP and enter the public IP address that is mapped to the private IP of the FortiMail unit through a Network Address Translation device such as a firewall.
  • Domain Name

    Enter the fully qualified domain name of the FortiMail unit. Do not include the protocol specification (http://) or any port number or path names.

    • Example 1 – The main or managed domain is example.com; the local domain configured on the FortiMail (gateway or transparent) is the subdomain sub.example.com; and the host name is fortimail. Then fortimail.sub.example.com should be entered. The advantage of this scenario is that you need only one main registered domain – example.com.
    • Example 2 – The main or managed domain is example.com; the local domain configured on the FortiMail (gateway or transparent) is a different major domain called example.net; and the host name is fortimail. Enter fortimail.example.net.
  • Email Address

    If you select E-mail, enter the email address of the owner of the FortiMail unit.

Note that the name mismatch error is avoided only when the name of the page you are viewing matches the name on the certificate (CN or DN). The table below summarizes the different scenarios.

| ID Type | Available FortiMail ID | Recommended ID Entry | Example | Access Without Name Mismatch |
|---|---|---|---|---|
| ID | Static Public IP | Static Public IP | 10.10.10.1 | https://10.10.10.1/admin |
| ID | Static Public IP | Static Public IP mapped to the FortiMail Static Private IP | 11.11.11.2 | https://11.11.11.2/admin |
| Domain Name | Fully qualified domain name | Fully qualified domain name | fortimail.example.com | https://fortimail.example.com/admin |
| Email | Email address of the FortiMail unit owner | Email address of the FortiMail unit owner | admin@example.com | None (always causes name mismatch) |
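
The subject-entry rules and the name-match table above can be checked before a request is generated. The following is an added example, not part of the Fortinet article or of FortiMail itself; the function names `check_subject` and `access_matches` are hypothetical, and the comparison models only the exact-name match the article describes.

```python
import ipaddress
from urllib.parse import urlsplit

def check_subject(kind, value):
    """Return problems with a planned subject entry; an empty list means OK."""
    problems = []
    if kind == "ip":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            problems.append("not a valid IP address")
    elif kind == "domain":
        rest = value
        if "://" in rest:
            problems.append("remove the protocol specification")
            rest = rest.split("://", 1)[1]
        host, slash, _path = rest.partition("/")
        if ":" in host:
            problems.append("remove the port number")
            host = host.split(":", 1)[0]
        if slash:
            problems.append("remove the path")
        if "." not in host.strip("."):
            problems.append("not a fully qualified domain name")
    elif kind == "email":
        local, at, domain = value.partition("@")
        if not (local and at and "." in domain):
            problems.append("not an email address")
    else:
        problems.append("unknown subject type")
    return problems

def _normalize(name):
    """Lower-case DNS names, drop a trailing dot, canonicalize IP literals."""
    name = name.strip().rstrip(".").lower()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name

def access_matches(kind, value, url):
    """True if the host in url equals the certificate subject entry."""
    if kind == "email":
        return False  # per the article's table: always a name mismatch
    host = urlsplit(url).hostname
    return host is not None and _normalize(host) == _normalize(value)
```

Running `check_subject` on the planned entry and `access_matches` against each URL administrators will use shows, before the request goes to the CA, which access paths will raise the mismatch warning.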