EMS Administration Guide

CA Certificates

If FortiOS is connected to EMS using the EMS API, deep inspection is enabled, and the Fabric connection between FortiOS and FortiClient EMS has already been configured, EMS automatically imports the FortiOS CA certificate. You then only need to apply the certificate in the desired endpoint profile. See System Settings. In this scenario, you do not need to manually upload or import CA certificates to EMS.

If you manually delete the imported certificate from EMS, EMS does not automatically reimport the certificate from FortiOS, even when EMS and FortiOS remain connected via the Fabric connector. EMS also does not automatically delete an already imported certificate if the Fabric connection between FortiOS and EMS is removed.

If FortiOS is not sending the CA certificate to EMS, you can manually upload or import CA certificates as described below.

After uploading or importing a certificate, you must configure it in a profile using the Install CA Certificate on Client option to provision it to endpoints. See System Settings.

To upload a CA certificate:

You can locally upload a CA certificate.

  1. Go to Endpoint Policy & Components > CA Certificates.
  2. Select Upload.
  3. In the Upload Local Certificate window, click Browse and locate the certificate.
  4. Click Upload.

To import a CA certificate:

  1. Go to Endpoint Policy & Components > CA Certificates.
  2. Select Import.
  3. In the Import Certificates from FortiGate window, enter the following information:

    IP address/Hostname: Enter the server IP/hostname in the following format: <ip address> : <port>.
    VDOM: Enter the VDOM name.
    Username: Enter the username.
    Password: Enter the password.

  4. Click Import to import the certificate.
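
A pre-upload sanity check for the upload procedure above, added here as an example and not part of the Fortinet documentation. Because the certificate is later installed on endpoints through the Install CA Certificate on Client option, the check confirms that the file is a CA certificate (basicConstraints CA:TRUE), has not expired, and prints its SHA-256 fingerprint so you can compare it with the FortiOS CA certificate you intend to deploy. It assumes a PEM-encoded file and the OpenSSL command-line tool; the function name `check_ca_cert` is hypothetical.

```shell
#!/bin/sh
# Added example: verify a PEM file before uploading it as a CA certificate.
# Usage: sh <this script> <path to PEM file>
# check_ca_cert (hypothetical name) returns 0 and prints the SHA-256
# fingerprint on stdout if the file is an unexpired CA certificate;
# it returns 1 and explains the problem on stderr otherwise.
check_ca_cert() {
    cert="$1"
    # The file must parse as an X.509 certificate.
    if ! text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null); then
        echo "FAIL: not a readable PEM certificate: $cert" >&2
        return 1
    fi
    # basicConstraints must mark the certificate as a CA.
    if ! printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' \
            | grep -q 'CA:TRUE'; then
        echo "FAIL: basicConstraints does not contain CA:TRUE" >&2
        return 1
    fi
    # -checkend 0 fails when the notAfter date is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired" >&2
        return 1
    fi
    # Subject and expiry go to stderr for the operator to review.
    openssl x509 -in "$cert" -noout -subject -enddate >&2
    # Fingerprint goes to stdout, e.g. AB:CD:... (32 colon-separated bytes).
    openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2
}

if [ "$#" -gt 0 ]; then
    check_ca_cert "$1"
fi
```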