Fortinet black logo

EMS Administration Guide

Adding an SSL certificate to FortiClient EMS

Adding an SSL certificate to FortiClient EMS

You can add an SSL certificate to FortiClient EMS in one of the following ways:

Method

Description

Automated

The public Let's Encrypt certificate authority uses the Automated Certificate Management Environment (ACME), as RFC 8555 defines, to provide free SSL server certificates. You can configure FortiClient EMS to use certificates that Let's Encrypt manages and other certificate management services that use the ACME protocol.

Upload

Manually upload an SSL certificate.

To configure an automated SSL certificate in FortiClient EMS:
  1. Go to System Settings > EMS Settings.
  2. Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. Externally accessing EMS via ports 80 and 443 using the configured fully qualified domain name (FQDN) is possible.
  3. In the SSL certificate field, click the Import SSL certificate button.
  4. Select Automated.
  5. In the Domain field, enter the EMS FQDN. For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address.
  6. In the Email field, enter a valid email address.
  7. If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry.
  8. Select the checkbox to agree to Let's Encrypt's terms of service.
  9. Click Import.
To manually upload an SSL certificate in FortiClient EMS:
  1. Go to System Settings > EMS Settings.
  2. In the SSL certificate field, click the Import SSL certificate button.
  3. Select Upload.
  4. In the Certificate field, browse to and select the desired certificate.
  5. In the Certificate Password field, configure the desired password for the certificate.
  6. Click Upload.

Adding an SSL certificate to FortiClient EMS

You can add an SSL certificate to FortiClient EMS in one of the following ways:

Method

Description

Automated

The public Let's Encrypt certificate authority uses the Automated Certificate Management Environment (ACME), as RFC 8555 defines, to provide free SSL server certificates. You can configure FortiClient EMS to use certificates that Let's Encrypt manages and other certificate management services that use the ACME protocol.

Upload

Manually upload an SSL certificate.

To configure an automated SSL certificate in FortiClient EMS:
  1. Go to System Settings > EMS Settings.
  2. Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. Externally accessing EMS via ports 80 and 443 using the configured fully qualified domain name (FQDN) is possible.
  3. In the SSL certificate field, click the Import SSL certificate button.
  4. Select Automated.
  5. In the Domain field, enter the EMS FQDN. For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address.
  6. In the Email field, enter a valid email address.
  7. If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry.
  8. Select the checkbox to agree to Let's Encrypt's terms of service.
  9. Click Import.
To manually upload an SSL certificate in FortiClient EMS:
  1. Go to System Settings > EMS Settings.
  2. In the SSL certificate field, click the Import SSL certificate button.
  3. Select Upload.
  4. In the Certificate field, browse to and select the desired certificate.
  5. In the Certificate Password field, configure the desired password for the certificate.
  6. Click Upload.