rmetzger
Staff
Article Id 194302

Description

 

This article provides examples of how to sign a certificate with a CA, import it into a FortiGate, and import a root CA into a web browser.

 

Scope

 

Any supported version of FortiGate.

 

Solution

1 - Issues encountered when certificates are not signed by a trusted CA.
2 - Step by step procedure: Signing a CA with Microsoft root CA - Importing in a FortiGate and a Web....

1) Issues encountered when certificates are not signed by a trusted CA or an invalid certificate.

When a browser attempts to connect to a FortiGate over HTTPS (SSL) and the FortiGate certificate is not signed by a trusted CA, or the certificate is invalid, the browser displays a security warning message.


The format of the message will depend on the browser in use. The example below is provided for Mozilla Firefox.

The technical details in this example indicate that 2 problems were detected:

- The certificate is not trusted because it is self-signed.

- The certificate is only valid for FG5A013E08600157: this is the common name (CN) for which the certificate has been issued, and it does not correspond to the URL that was entered in the browser (https://192.168.183.119).
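
Both findings can be confirmed from a command line with the openssl tool before changing anything on the FortiGate. The script below is an added example, not part of the original article: it builds two throwaway certificates (constructed test data that reuses the CN and address from the warning above) and checks each one for a self-signed issuer and for a match against 192.168.183.119. The second certificate, which carries an IP subjectAltName, is an assumption added here to show what a matching name looks like.

```shell
#!/bin/sh
# Added example: diagnose the two browser findings with the openssl CLI.
# The certificates are constructed test data, not exported from a real FortiGate.

# make_cert OUT.pem CN [SAN]: create a throwaway self-signed certificate.
make_cert() {
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# Finding 1: issuer equals subject, so no CA vouches for the certificate.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# Finding 2: the address typed in the URL must be named in the certificate.
matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# report CERT.pem IP: print both checks for one certificate.
report() {
    openssl x509 -in "$1" -noout -subject
    if is_self_signed "$1"; then echo "  self-signed: yes"; else echo "  self-signed: no"; fi
    if matches_ip "$1" "$2"; then echo "  valid for $2: yes"; else echo "  valid for $2: no"; fi
}

dir=$(mktemp -d)
make_cert "$dir/cn_only.pem" FG5A013E08600157
make_cert "$dir/with_san.pem" FG5A013E08600157 "IP:192.168.183.119"
report "$dir/cn_only.pem" 192.168.183.119    # shows both findings from the warning
report "$dir/with_san.pem" 192.168.183.119   # name now matches; still self-signed
rm -rf "$dir"
```

To run the same checks against a certificate exported from a device, call `report` with the path to that PEM file and the address used in the browser.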


2) Step-by-step procedure: signing a CA with the Microsoft root CA, importing it into a FortiGate and a Web browser, and using the certificate for admin access.

Note: FortiGate supports 2 formats for the root certificate export: DER and Base-64. Either one can be chosen.