DescriptionThis article describes how to use a SSL Certificate on FortiGate for remote administration via web browser.ScopeFortiOS versions 4.0 MR2, 4.0 MR3, 5.0.x.
SolutionAssigning a SSL certificate to the admin interface for remote administration can be configured via CLI. By default, the self-signed certificate is used. FGT (global) # show full | grep admin-server-cert
set admin-server-cert "self-sign"
In order to check the certificates available on FortiGate, the following CLI command is used: FGT (global) # set admin-server-cert
Available Certificates:
self-sign local
Fortinet_Factory local
A signed SSL certificate can also be used for administrator GUI access, and for other functions that require a certificate.
SSL certificates can be purchased from any Certificate Authority (CA), such as DigiCert, GoDaddy, or GlobalSign, etc or a self-signed certificate can also be generated using open source tools such as OpenSSL or Windows.In order to use one of the SSL certificates listed, use the following CLI commands:# config system global
set admin-server-cert <cert_name>
end
Once this has been configured the FortiGate will use this certificate on the admin interface for remote HTTPS administration.
The FortiGate will then behave in the same way as outlined in the related article when remote HTTPS administration requests are made via an HTTP browser.
Related document.
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/228718/creating-a-certificate-with-opens...
https://docs.fortinet.com/document/fortigate/6.4.1/administration-guide/825073/purchase-and-import-a...
Related Articles
Technical Tip: Using built-in Self-Signed Certificates
