Ping a Specific Port

Question

Myles Gray

Asked: 2011-09-16 02:02:21 +0800 CST2011-09-16 02:02:21 +0800 CST 2011-09-16 02:02:21 +0800 CST

Assign CA certificate to Fortigate https WAN interface

772

I have a Fortigate 80C that allows remote administration via https.

I access the URL and all fine but the one thing that really bugs me is that is brings up "untrusted connection" in chrome with the whole "click to proceed" thing.

At the moment the cert is self-signed by the Fortigate unit.

On the unit there are 5 CA signed certs for use but I cannot figure out how to assign these certs to the routers interfaces.

Does anyone know how to assign the CA signed certs to the WAN interface on port 443 so it wont ask me to confirm the cert all the time?

(I know the traffic is still encrypted but it is still nice to have)

4 Answers

Voted

Nandu · Answer 1 · 2012-05-18T01:15:35+08:00

Best Answer

Nandu

2012-05-18T01:15:35+08:002012-05-18T01:15:35+08:00

Upload your certificates to the firewall, Fortigate certificate user guide will help you out on this. Now to use this certificate for HTTPS admin access. Use the following CLI commands:

config system global
  set admin-server-cert <certname>
end

9

Sandmich · Answer 2 · 2015-01-30T13:52:38+08:00

Sandmich

2015-01-30T13:52:38+08:002015-01-30T13:52:38+08:00

Okay this is what I did on 5.2 so that I could use a certificate signed by our internal CA:

System->Certificates->Local Certificates->Generate (this will generate the CR)
Check-click the newly created CR and Download it and process it on your favorite CA
System->Certificates->Local Certificates->Import (this will import the signed cert), set Type to 'Local Certificate if it isn't already. The FortiGate should now have the CA info filled in for what was the CR.
Follow instructions above for setting the certificate as the admin interface cert:

Note this article that helps a little bit. However it's a little incomplete:

First do a 'conf system global'
Then do a 'set admin-server-cert ?' to pull up a list
Then 'set admin-server-cert < certname >' and then end

2

Justin Goldberg · Answer 3 · 2013-06-12T20:20:40+08:00

Justin Goldberg

2013-06-12T20:20:40+08:002013-06-12T20:20:40+08:00

The answer is here:

http://yurisk.info/2013/05/04/disabling-ssl-deep-inspection-proxy-in-fortigate-should-be-easier/

The relevant commands is here:

FGT80C # diagnose test application ssl 5
SSL AV Bypass is now on

0

khairil anwar · Answer 4 · 2011-12-22T01:48:46+08:00

khairil anwar

2011-12-22T01:48:46+08:002011-12-22T01:48:46+08:00

try this, http://docs.fortinet.com/fgt/archives/3.0/techdocs/FortiGate_SSL_VPN_User_Guide_01-30005-0348-20070911.pdf

-2

Assign CA certificate to Fortigate https WAN interface

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?