FortiIsolator CA certificate

The FortiIsolator CA certificate is required for access to the FortiIsolator. By default, the FortiIsolator uses the built-in CA certificate. You can also generate or upload a custom CA certificate to meet your needs. However, you can revert to the default CA certificate anytime.

The CA certificate auto-generates a matching server certificate for accessing the FortiIsolator database and a matching management certificate for accessing the FortiIsolator GUI. For custom CA certificates, you can also upload a custom server or management certificate that matches the custom CA certificate.

By default, the CA certificate must be installed on each device that uses the FortiIsolator to visit websites unless you use a global CA certificate that grants global access to websites at browser level.

Note: FortiIsolator only supports “Base-64 encoded X.509 (.cer)” format certificates.

To back up, restore, generate, or upload a specific certificate, click Dashboard in the administration portal and click the Backup/Restore link near Isolator CA Certificate in the System Information widget, which redirects to the Isolator CA Certificate page.

To revert to the default CA certificate:
  1. In the Re-Generate Isolator CA certificate section, click the link in Click here to generate Default CA certificate.
  2. The default CA Certificate will be restored and the FortiIsolator will reboot, which might take a few minutes.

To use a custom-generated CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section below) before switching to a new one.

  1. In the Re-Generate Isolator CA certificate section, click the link in Click here to generate CA certificate.
  2. Specify the values of the certificate attributes and click OK. Bold indicates required attributes.

To back up the current CA certificate:
  1. In the Backup CA certificate section, click the link in Click here to save your backup file.
  2. This saves the ca.tgz file to your local system; store it in a secure place for when you need to restore the system.

To use a local CA certificate:
Note

If you use a non-default CA certificate, Fortinet recommends that you back up the current CA certificate (see section above) before switching to a new one.

  1. Depending on the file type of the local certificate, go to the Restore CA certificates by tgz file or Restore CA certificates by files section.
  2. Click Choose File to upload the local CA certificate file(s).
  3. Specify the password(s), if any.
  4. Click Restore.
  5. Click OK.
  6. The local CA certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes. If the CA certificate is a global CA certificate that grants global access to websites at browser level, follow the next two sections to upload the corresponding server certificate and management certificate for the whole certificate chain to work.

To use a local server certificate:
  1. In the Restore Server certificates by files section, click Choose File to upload the certificate and key. Make sure the server certificate matches the current CA certificate.
  2. Specify the password and domain name, if any.
  3. Click Restore.
  4. Click OK.

    The local server certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.

To use a local management certificate:
  1. In the Restore Management certificates by files section, click Choose File to upload the certificate and key. Make sure the management certificate matches the current CA certificate.
  2. Click Restore.
  3. Click OK.

    The local management certificate will be used and the FortiIsolator will be rebooted, which might take a few minutes.
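
The server and management procedures above both require that the uploaded certificate match the current CA certificate, and the page notes that only Base-64 encoded X.509 is supported. The following workstation check with the OpenSSL CLI is an added example, not part of Fortinet's procedure; all file names and subjects are constructed, and the private key is assumed to be unencrypted.

```bash
# Added example: pre-upload checks with the OpenSSL CLI. All file names are constructed.

# Succeeds only for a Base-64 (PEM) encoded X.509 certificate; DER input is rejected.
is_pem_cert() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    openssl x509 -in "$1" -inform PEM -noout 2>/dev/null
}

# Succeeds if certificate $2 verifies against CA certificate $1.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds if private key $2 (assumed unencrypted) belongs to certificate $1.
key_matches() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CA CERT KEY: run the three checks and report the first failure.
preflight() {
  is_pem_cert "$2"      || { echo "not Base-64 X.509: $2"; return 1; }
  issued_by "$1" "$2"   || { echo "not issued by $1: $2"; return 2; }
  key_matches "$2" "$3" || { echo "key does not match: $3"; return 3; }
  echo "ok: $2"
}

# Build a throwaway CA, a certificate it signs, an unrelated self-signed one, and a DER copy.
make_demo_pki() {
  ( set -e; cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
      -keyout ca.key -out ca.cer
    openssl req -newkey rsa:2048 -nodes -subj "/CN=isolator.example.test" \
      -keyout srv.key -out srv.csr
    openssl x509 -req -in srv.csr -CA ca.cer -CAkey ca.key -CAcreateserial \
      -days 1 -out srv.cer
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated" \
      -keyout stray.key -out stray.cer
    openssl x509 -in srv.cer -outform DER -out srv.der
  ) >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_pki "$demo"
preflight "$demo/ca.cer" "$demo/srv.cer" "$demo/srv.key"               # signed by the CA
preflight "$demo/ca.cer" "$demo/stray.cer" "$demo/stray.key" || true   # different issuer
preflight "$demo/ca.cer" "$demo/srv.der" "$demo/srv.key" || true       # DER encoding
rm -rf "$demo"
```

A certificate that fails the encoding check can be converted with `openssl x509 -inform DER -in <file> -out <file>.cer` before upload.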
