EMS Administration Guide

Adding an SSL certificate to FortiClient EMS

The following procedures describe how to configure an ACME certificate or manually upload a certificate to EMS. The other certificate types do not require user upload or configuration.

To configure an automated SSL certificate in FortiClient EMS:
  1. Go to System Settings > EMS Settings.
  2. Ensure that Remote HTTPS access and Redirect HTTP request to HTTPS are enabled. EMS can be accessed externally on ports 80 and 443 using the configured fully qualified domain name (FQDN).
  3. Add an automated certificate:
    1. Go to System Settings > Server Certificates.
    2. Click Add.
    3. For Type, select Automated.
    4. In the Domain field, enter the EMS fully qualified domain name (FQDN). For the Let's Encrypt server to issue the certificate, the public DNS server must resolve the EMS FQDN to the EMS public IP address.
    5. In the Email field, enter a valid email address.
    6. If desired, enable Auto Renew. When Auto Renew is enabled, FortiClient EMS automatically renews the certificate before expiry.
    7. If desired, expand the Advanced section to configure a certificate authority (CA) server address and HTTP challenge port to communicate with an alternative public CA.
    8. Select the checkbox to agree to Let's Encrypt's terms of service.
    9. Click Import.
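
A pre-flight check for the DNS requirement in step 4 above, as an added example that is not part of the Fortinet guide: it confirms that the EMS FQDN resolves to the EMS public IP address and flags internal addresses that a public CA's HTTP challenge could not reach. The function names, `ems.example.com` and `203.0.113.10` are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Ranges a public CA cannot reach from the internet: RFC 1918, loopback,
# link-local, CGNAT, and the IPv6 ULA / link-local / loopback ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "fc00::/7", "fe80::/10", "::1/128")]


def is_non_public(addr):
    """True if addr falls in one of the internal-only ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def system_resolver(fqdn):
    """Addresses that the resolver configured on this host returns for fqdn."""
    infos = socket.getaddrinfo(fqdn, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def acme_dns_preflight(fqdn, ems_public_ip, resolver=system_resolver):
    """Return a list of problems; an empty list means the DNS precondition holds."""
    problems = []
    if is_non_public(ems_public_ip):
        problems.append(f"{ems_public_ip} is not a public address")
    try:
        answers = set(resolver(fqdn))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return problems + [f"{fqdn} does not resolve: {exc}"]
    wanted = ipaddress.ip_address(ems_public_ip)
    if wanted not in {ipaddress.ip_address(a) for a in answers}:
        problems.append(f"{fqdn} resolves to {sorted(answers)}, not {ems_public_ip}")
    internal = sorted(a for a in answers if is_non_public(a))
    if internal:
        # An internal answer usually means split-horizon DNS: the CA sees a different record.
        problems.append(f"resolver returned internal address(es) {internal}; "
                        "repeat the check against a public resolver")
    return problems


if __name__ == "__main__":
    # Constructed sample values (documentation address range), not from the guide.
    fake_dns = {"ems.example.com": {"203.0.113.10"}}
    print(acme_dns_preflight("ems.example.com", "203.0.113.10", fake_dns.__getitem__))
```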

To manually upload an SSL certificate in FortiClient EMS:
  1. Go to System Settings > Server Certificates.
  2. Click Add.
  3. For Type, select Upload PKCS12 or Upload PEM.
  4. In the Certificate field, browse to and select the desired certificate.
  5. In the Certificate Password field or Private Key field, configure the desired password or private key for the certificate.
  6. Click Upload.
