kmak
Staff
Article Id 282317
Description This article describes the steps necessary to obtain a Let’s Encrypt Certificate for a domain in FortiWeb with the 'True Transparent Proxy Mode' DNS validation type.
Scope FortiWeb.
Solution

Prerequisites:

  • DNS control of the domain.
  • Certificates obtained with the DNS validation method do not renew automatically. With these instructions, the certificate must be renewed manually before it expires.
  • A FortiWeb Let’s Encrypt SSL Certificate request does not support a wildcard subdomain SAN in the current version (v7.4.0).

 

  1. In FortiWeb, navigate to Server Objects > Certificates > Let’s Encrypt. Create a new Let’s Encrypt Certificate request.

  2. Select the DNS-01 request type, which means Let’s Encrypt will use DNS TXT records to validate domain ownership. Enter the name and the domain name.

  3. Add the SAN hostname to be included in the Let’s Encrypt SSL certificate.

  4. Select the 'issue' icon to initiate the Let’s Encrypt SSL request.

  5. The Let’s Encrypt SSL status will change to 'Need user to proceed manually'. Select and edit the Let’s Encrypt SSL object.

  6. A button to download the DNS content file is now available. Select it and download the DNS content file.

  7. Open the downloaded DNS content file using a text editor to check the DNS TXT records.

  8. Add or update the DNS TXT records in the domain's DNS zone and test the DNS records before starting validation with Let’s Encrypt.

  9. Go back to the FortiWeb Let’s Encrypt page. Select the process icon to start the DNS validation.

  10. The Let’s Encrypt SSL certificate will show up with certificate revocation in progress.

  11. The Let’s Encrypt SSL certificate request will complete within 5 to 10 minutes. Refresh the page to check the certificate status.

  12. Now, navigate to the Server Pool page and update the SSL certificate settings for the related server pool.

  13. Edit the real server and enable the SSL settings. Select Let’s Encrypt for the Certificate Type and select the obtained Let’s Encrypt SSL certificate from the dropdown menu. Select OK to save the settings.

  14. To test, browse to a URL with the HTTPS protocol. It should load with the Let’s Encrypt SSL certificate.
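The procedure above asks for the DNS TXT records to be tested before validation is started. One way to do that from a workstation with `dig`, as an added example that is not part of the original article or of FortiWeb: it queries each authoritative name server of the zone and compares the answer with the value from the downloaded DNS content file. The function names, the script name and the sample record name and value are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the DNS-01 TXT record is published before starting
# validation in FortiWeb. Requires dig. Function names are this example's own.
# Usage (constructed placeholder values; take the real record name and value
# from the DNS content file downloaded from FortiWeb):
#   sh check_txt.sh _acme-challenge.www.example.com CONSTRUCTED-VALUE example.com

# normalize_txt: read `dig +short TXT` answers on stdin and print each value
# with the surrounding quotes removed and split strings ("a" "b") joined.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_matches EXPECTED: succeed only if one answer on stdin equals EXPECTED
# exactly (-F fixed string, -x whole line; -- protects values starting with -).
txt_matches() {
    normalize_txt | grep -Fxq -- "$1"
}

# check_record NAME EXPECTED ZONE: ask every authoritative name server of ZONE
# directly, so a stale resolver cache cannot hide a missing or old record.
check_record() (
    name=$1 expected=$2 zone=$3 failed=0
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        exit 2
    fi
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_matches "$expected"; then
            echo "OK       $ns"
        else
            echo "MISSING  $ns"
            failed=1
        fi
    done
    exit "$failed"
)

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    check_record "$@"
fi
```

An exit status of 0 means every authoritative server returned the expected value; if any server is reported as MISSING, wait for the zone to propagate and run the check again before selecting the process icon.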

 

Related document:

Let's Encrypt Certificates - FortiWeb Administration Guide.
