Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Not applicable

Created on ‎05-15-2009 12:36 PM Edited on ‎12-16-2021 12:19 PM

Article Id 193092

Technical Tip: How to upload a .csr local certificate file to FortiAnalyzer

Description
The FortiAnalyzer does not have a way to create a .csr file.  These files can only be imported.  Only files in PKCS12 format can be imported as a certificate.  If a local CA cert does not use this format, users may need to convert it to that first using openssl.
Solution

When the correctly formatted file is ready for use the following steps can be used to import it:

In the CLI of FortiAnalyzer:

global# exec restore https-cert ftp <ip> <username> <password> <dir> <filename> <password>
Use a ? after each option to see the next option.
Use - if user does not have a password.

Example:
exec restore https-cert ftp 172.16.87.191 userA 123456 cert-dir cert 123456

Note: This command will download a certificate and use it to replace the current HTTPS certificate.
Do you want to continue? (y/n)y

Connect to ftp server 172.16.87.191 ...

The certificate file was downloaded from ftp server 172.16.87.191.

Successfully restored the HTTPS certificate.
You need to reboot your system to make it effective.
Important

When creating a certificate using open SSL or Windows CA generate the cert with a stronger algorithm, such as:

openssl pkcs12 -certpbe 3DES ...

 

Labels:
1926
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.