Created on 09-28-2016 02:36 AM Edited on 05-06-2022 09:13 AM By Anonymous
Description
Solution
Here is a step by step guide:
1) Log in to your Supervisor as root.
2) Generate the Private Key and Certificate Signing Request (CSR).
This step and the next applies to both self-signed and CA certificates.
openssl genrsa 2048 > fsiem.key
3) Create the Certificate Signing Request (CSR).
openssl req -new -key fsiem.key -out fsiem.csr
4) Create the self-signed certificate
If you want to use a certificate issued by a certificate authority, skip this step and send the CSR from Step 3 to the certificate authority. When you receive your certificate, proceed from Step 6 of these instructions.
openssl x509 -req -days 1461 -in fsiem.csr -signkey fsiem.key -out fsiem.crt
5) Verify the Self-Signed Certificate.
PUBLIC KEY must be matched
openssl rsa -in fsiem.key -pubout
openssl x509 -in fsiem.crt -pubkey
6) Apply the certificate by moving FortiSiem.crt and fsiem.key to /etc/httpd/conf.d.
7) Edit /etc/httpd/conf.d/ssl.conf file and make sure these parameters are configured with your certificate and private key filename.
- SSLCertificateFile /etc/httpd/conf.d/fsiem.crt
- SSLCertificateKeyFile /etc/httpd/conf.d/fsiem.key
8. Restart Apache.
service httpd restart
Related Articles
Technical Note: [Accelops KB] How to set up a proper CA-signed certificate
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.