FortiGate SSL Certificate Installation.
This blog explains the FortiGate SSL certificate installation process.
An SSL certificate serves multiple purposes on FortiGate firewalls, such as resolving the HTTPS error shown when accessing the firewall in a web browser and the certificate error shown when logging in to FortiClient VPN.
To mitigate these issues, and as a best practice, we should use a signed certificate for HTTPS access and for our enterprise SSL-VPN.
Steps for SSL installation:
- Generate the CSR.
- Install the root CA on the FortiGate firewall.
- Sign the CSR and install the signed CSR.
I am writing this blog because for the last couple of weeks I was working with TAC teams and some professionals on an SSL installation scenario: after completing the whole SSL process, we still got a certificate error when trying to access the firewall via a web browser.
After a lot of debugging and research we found the answer: from 6.5 or later, FortiGate started checking the SAN (Subject Alternative Name) field during the certificate check process.
Usually the SAN can be an IP address or a DNS name, but on FortiGate firewalls I observed that you should have a DNS name as the SAN for certificate installation.
The whole process is explained in the video below, with the SAN field and without the SAN field, using the same root CA.
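To reproduce the with-SAN and without-SAN comparison offline, here is an added example (not from the original post or from Fortinet): a throwaway lab root CA signs one CSR twice, and the script reports whether each certificate chains to the root and whether it carries a DNS SAN. The hostname `fw.example.com`, the file names and the helper functions are assumptions; it needs the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Constructed lab, not FortiGate output: one throwaway root CA signs the same
# CSR twice, without and with a DNS SAN. fw.example.com is a placeholder name.
set -eu
FQDN="fw.example.com"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Succeeds only if the certificate carries at least one DNS-type SAN entry.
has_dns_san() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | grep -q 'DNS:'
}

# Succeeds if the certificate verifies against the lab root CA.
chains_to_root() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# Sign the CSR with the lab root; an optional extension file adds the SAN.
sign_csr() {  # usage: sign_csr <out.crt> [extfile]
  openssl x509 -req -in "$WORK/fw.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$1" ${2:+-extfile "$2"} 2>/dev/null
}

build_lab() {
  # Root CA standing in for the enterprise root installed on the firewall.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  # CSR standing in for the one generated on the firewall.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$FQDN" \
    -keyout "$WORK/fw.key" -out "$WORK/fw.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$FQDN" > "$WORK/san.ext"
  sign_csr "$WORK/fw_nosan.crt"
  sign_csr "$WORK/fw_san.crt" "$WORK/san.ext"
}

build_lab
for crt in fw_nosan.crt fw_san.crt; do
  chain=no; san=no
  if chains_to_root "$WORK/$crt"; then chain=yes; fi
  if has_dns_san "$WORK/$crt"; then san=yes; fi
  echo "$crt: chains_to_root=$chain dns_san=$san"
done
```

Both certificates verify against the same root, so a valid chain alone does not show whether the DNS SAN is present; run the same `has_dns_san` check on the signed certificate before importing it.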