Administration Guide

Certificates

FortiIsolator allows users to use self-signed SSL certificates for a specific server or website. Generally, self-signed certificates are very specific and are often used on an internal enterprise network. On this page you can import certificates for different purposes.

Note

FortiIsolator only supports certificates in “Base-64 encoded X.509 (.CER)” format.
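A .CER file can hold either Base-64 text or DER binary (the Windows export wizard offers both under the same extension), so it helps to check a file's encoding before importing it. The following is an added example, not Fortinet code: it uses only the Python standard library, inspects the outer encoding without validating the certificate contents, and all function names and sample bytes are constructed for illustration.

```python
import base64
import re
import ssl
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_header(data):
    """Return (content_offset, content_length) of an outer DER SEQUENCE, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                        # short-form length
        return 2, data[1]
    n = data[1] & 0x7F                        # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:  # n == 0 is BER indefinite length
        return None
    return 2 + n, int.from_bytes(data[2:2 + n], "big")

def classify_der(data):
    hdr = der_header(data)
    if hdr is None or sum(hdr) != len(data):  # truncated file or trailing bytes
        return "unknown"
    body = data[hdr[0]:]
    if body[:3] == b"\x02\x01\x03":           # PKCS#12 PFX begins with INTEGER 3
        return "pkcs12"
    return "der-x509" if body[:1] == b"\x30" else "unknown"  # tbsCertificate SEQUENCE

def classify(data):
    """Name the container format of a certificate file's raw bytes."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return classify_der(data)
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    try:
        kinds = {classify_der(base64.b64decode(b)) for b in certs}
    except ValueError:                        # malformed Base-64 body
        return "unknown"
    if kinds != {"der-x509"}:                 # also covers "no CERTIFICATE block"
        return "unknown"
    has_key = any(label.endswith(b"PRIVATE KEY") for label, _ in blocks)
    return "base64-x509+key" if has_key else "base64-x509"

def to_base64_cer(data):
    kind = classify(data)
    if kind == "der-x509":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    if kind == "base64-x509":
        return data
    raise ValueError(f"cannot convert {kind} input to a Base-64 X.509 file")

SAMPLE_DER = b"\x30\x82\x01\x04" + b"\x30\x82\x01\x00" + bytes(256)  # constructed, not a real certificate
SAMPLE_PFX = b"\x30\x03\x02\x01\x03"                                 # constructed PKCS#12-shaped prefix
```

Reading a file with `open(path, "rb").read()` and passing the bytes to `classify` tells you whether it is already Base-64, needs conversion from DER, or is a PKCS12 or key bundle.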

Importing certificates

To import a certificate:

  1. Go to System > Certificates.
  2. Click Import in the toolbar. The Import Certificate page opens.
  3. Provide Certificate Name.
  4. Select Type.

    Parameter Description

    Isolator CA Certificate

    Users can regenerate a customized FortiIsolator certificate. Once a customized FortiIsolator certificate has been created, it replaces the previous one. If not, the system shows the default certificate.

    Note

    FortiIsolator now supports importing certificates with a password, certificates in PKCS12 format, and/or certificates that are bundled with a key file.

    Note

    The Isolator CA Certificate is built in and cannot be deleted.

    SAML Certificate

    Certificate for single sign-on, which is created in LDAP Server > SAML Server.

    Self Signed CA root Certificate

    This option allows the user to upload a self-signed CA root certificate to the FortiIsolator. This is a specific certificate file type that can support several trusted roots. A root_ca.crt file should be uploaded here.

    Intermediate CA Certificate

    This option allows the user to upload intermediate CA certificates to the FortiIsolator. An intermediate CA certificate works as a subordinate of the root certificate. In major browsers, the user can import an intermediate CA certificate instead of a root certificate; FortiIsolator then behaves the same way as when root certificates are imported. The intermediate CA certificate should be uploaded together with its own trusted root certificate: root_ca.crt (root certificate) and sub_ca.crt (intermediate CA certificate), along with sub_ca.key if necessary.

    Self-signed Server Certificate

    A standalone certificate used by the original issuer to verify if a site is legitimate.

  5. Click View in the toolbar. The View Certificate Detail Information page opens.
  6. Click OK to return to the certificates list.

Viewing certificate details

To view a certificate's details:

  1. Go to System > Certificates.
  2. Select the certificates you need to see details about.
  3. Provide Certificate Name.

Deleting certificates

To delete a certificate:

  1. Go to System > Certificates.
  2. Select the certificate you need to delete.
  3. Click Delete in the toolbar.
  4. Click OK in the confirmation dialog box to delete the selected certificate.

Note

The FortiIsolator CA Certificate cannot be deleted. Only the factory default certificate or the re-generated certificate can be deleted.

Assign Self-signed SSL certificates to user’s profile

Self-signed SSL certificates need to be assigned to a user’s profile in order to take effect.

To assign a certificate to a user’s profile:

  1. Go to Policies and Profile > Profile.
  2. Select Isolator profile and Edit.
  3. At the bottom of the page, next to Certificates, select the certificate that was just imported and click OK.
  4. Go to Policies and Profile > Default Policy, select the profile for Default Isolator Profile, and click OK.

Note

If a self-signed SSL certificate is a certificate chain that contains a root certificate and intermediate certificates, both certificates need to be imported into FortiIsolator and selected in the user’s profile.

How to regenerate the certificate

The FortiIsolator CA Certificate can be re-generated in two ways:

  1. With the default settings that come with the factory settings.
  2. With customized settings that the user inputs.

Default certificate regeneration

To regenerate a FortiIsolator CA Certificate with factory defaults:

  1. Go to Dashboard > FortiIsolator CA Certificate.
  2. Click "Click here" to generate CA certificate.

Customized certificate regeneration

To regenerate a FortiIsolator CA Certificate with customized settings:

  1. Go to System > Certificates.
  2. Select Certificate Type as "CA Certificate," then click OK.
  3. From "Generate New CA Certificate: Step 2," input the settings.

Note

Once a FortiIsolator certificate has been generated/re-generated, it will replace the existing one.
