Fortinet black logo

SD-WAN Deployment for MSSPs

Home FortiGate / FortiOS 7.0.0 SD-WAN Deployment for MSSPs
7.0.0
7.2.0
7.0.0
6.4.0

Certificate templates

Certificate templates

The certificate templates are used to issue certificates for IPsec authentication. We will create two certificate templates named Edge and Hub.

To create a certificate templates:
  1. In Device Manager, go to Provisioning Templates > Certificate Templates, and click Create New to create two templates named Edge and Hub:

  2. Set Certificate Name to the names used in the IPsec configuration.

    Note

    The Certificate Name field is used for the name of the generated certificate. In our example, the certificates are named Edge and Hub. Therefore, the certificate template names must correspond to the names used in the IPsec configuration. In our case, the IPsec configuration is generated by the Jinja CLI templates that use the Edge and Hub names by default.

  3. Set Type to Local to use the certificate authority built into FortiManager:

    Although this example uses the certificate authority (CA) built into FortiManager, an external CA is also supported. You can use a third-party product or FortiAuthenticator as an external CA. FortiAuthenticator is worth considering, and it can run inside FortiManager as a management extension application (MEA)!

  4. Configure the required certificate parameters, and save the templates.
Previous
Next

Certificate templates

The certificate templates are used to issue certificates for IPsec authentication. We will create two certificate templates named Edge and Hub.

To create a certificate templates:
  1. In Device Manager, go to Provisioning Templates > Certificate Templates, and click Create New to create two templates named Edge and Hub:

  2. Set Certificate Name to the names used in the IPsec configuration.

    Note

    The Certificate Name field is used for the name of the generated certificate. In our example, the certificates are named Edge and Hub. Therefore, the certificate template names must correspond to the names used in the IPsec configuration. In our case, the IPsec configuration is generated by the Jinja CLI templates that use the Edge and Hub names by default.

  3. Set Type to Local to use the certificate authority built into FortiManager:

    Although this example uses the certificate authority (CA) built into FortiManager, an external CA is also supported. You can use a third-party product or FortiAuthenticator as an external CA. FortiAuthenticator is worth considering, and it can run inside FortiManager as a management extension application (MEA)!

  4. Configure the required certificate parameters, and save the templates.
Previous
Next