FortiGate
alif
Staff
Article Id 194775

Description


This article describes how to use an SSL certificate on FortiGate for remote administration via a web browser.

Scope


FortiGate versions 4.0 MR2, 4.0 MR3, 5.x.x, 6.x.x, 7.0.x, 7.2.x, 7.4.x.

Solution


The SSL certificate used by the admin interface for remote administration is assigned via the CLI. By default, the self-signed certificate is used.

 

FGT (global) # show full | grep admin-server-cert
    set admin-server-cert "self-sign"

 

To check the certificates available on FortiGate, the following CLI command is used:

 

FGT (global) # set admin-server-cert
Available    Certificates:
self-sign       local
Fortinet_Factory local
Fortinet_GUI_Server local

 

A signed SSL certificate can also be used for administrator GUI access and for other functions that require a certificate.
SSL certificates can be purchased from any Certificate Authority (CA), such as DigiCert, GoDaddy, or GlobalSign. Alternatively, a self-signed certificate can be generated using OpenSSL, an open-source tool, or Windows.

To use one of the SSL certificates listed, use the following CLI commands:

 

config system global
    set admin-server-cert <cert_name>
end

 

Once this has been configured, the FortiGate will use this certificate on the admin interface for remote HTTPS administration.
When remote HTTPS administration requests are made via a web browser, the FortiGate will then behave in the same way as outlined in the related article.
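
To confirm the change took effect, the certificate presented on the admin interface can be compared with the one that was assigned. The following shell script is an added example, not part of the original article or Fortinet's tooling; it assumes OpenSSL is installed, and the function names, file names, and certificate subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, file names and subjects are constructed.

# Print the PEM certificate presented by the TLS server at $1 (host:port).
fetch_presented_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509
}

# Exit 0 when the issuer name equals the subject name of the PEM file in $1
# (self-issued, as a self-signed certificate is), 1 when a separate CA issued it.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$iss" ]
}

# SHA-256 fingerprint of the PEM certificate in $1.
sha256_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Compare the presented certificate ($1) with the expected one ($2).
# Prints match, self-signed (a self-signed certificate is still served) or mismatch.
check_admin_cert() {
    p=$(sha256_fp "$1"); e=$(sha256_fp "$2")
    [ -n "$p" ] && [ -n "$e" ] || { echo error; return 2; }
    if [ "$p" = "$e" ]; then
        echo match
    elif is_self_signed "$1"; then
        echo self-signed
    else
        echo mismatch
    fi
}

# Build constructed sample certificates in directory $1 for offline testing:
# ss.pem (self-signed), ca.pem (test CA) and leaf.pem (issued by the test CA).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=self-signed.example" \
        -keyout "$1/ss.key" -out "$1/ss.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=fgt.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}
```

Against a live unit, save the output of fetch_presented_cert for the admin interface's host:port to a file and pass it to check_admin_cert together with the PEM file of the certificate that was imported.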

Related documents:
Creating a certificate with OpenSSL
Purchase and import a signed SSL certificate

 

Related article:

Technical Tip: Using built-in Self-Signed Certificates