Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Certificates

In this page you can import, view, download and delete certificates. Certificates are used for secure connection to an LDAP server, system HTTPS and SSH services. The FortiSandbox has one default certificate firmware which means the certificate is installed on the unit by Fortinet.

FSA does not support generating certificates, but importing certificates for SSH and HTTPS access to FSA..crt, PKCS12, and .pem formats are supported.

The following options are available:

Import

Import a certificate.

Service

Select to configure specific certificates for the HTTP and SSH servers.

View

Select a certificate in the list and select View in the toolbar to view the CA certificate details.

Delete

Select a certificate in the list and select Delete in the toolbar to delete the certificate.

The following information is displayed:

Name

The name of the certificate.

Subject

The subject of the certificate.

Status

The certificate status, active or expired.

Service

HTTPS or SSH service that is using this certificate.

Certificate

Download the server certificate.

Sub Certificate

Download the intermediate CA (Certificate Authority) certificate if you are using a certificate chain.

Cacert

Download the CA (Certificate Authority) certificate.

To import a certificate:
  1. Go to System > Certificates.
  2. Click Import from the toolbar.
  3. Enter the certificate name in the text field.
  4. Click Choose File and locate the certificate and key files on your management computer.
  5. Optionally, you can import the intermediate CA certificate by clicking the Choose File button for Sub Certificate, and locating the intermediate CA certificate file.
  6. Click OK to import the certificate.

You also have the option to import a Password Protected PKCS12 Certificate. To import a PKCS12 Certificate, check the PKCS12 Format box upon importing a new certificate and writing down the possible password. When checking the PKCS12 Format box, the other Certificate file selection boxes disappear and are replaced by the PKCS12 File selection option because only this type is valid.

To view a certificate:
  1. Go to System > Certificates.
  2. Select the certificate from the list and click View from the toolbar.
  3. The following information is available:

    Certificate Name

    The name of the certificate.

    Status

    The certificate status.

    Serial number

    The certificate serial number.

    Issuer

    The issuer of the certificate.

    Subject

    The subject of the certificate.

    Effective date

    The date and time that the certificate became effective.

    Expiration date

    The date and time that the certificate expires.

  4. Click OK to return to the Certificates page.
To download a CA certificate:
  1. Go to System > Certificates.
  2. Click the download icon in one of the columns: Certificate, Sub Certificate, or Cacert.

To delete a CA certificate:
  1. Go to System > Certificates.
  2. Select the certificate from the list and click Delete from the toolbar.
  3. Click Yes, I’m sure in the Are You Sure confirmation page.

Firmware certificate(s) cannot be deleted.

Certificates

In this page you can import, view, download and delete certificates. Certificates are used for secure connection to an LDAP server, system HTTPS and SSH services. The FortiSandbox has one default certificate firmware which means the certificate is installed on the unit by Fortinet.

FSA does not support generating certificates, but importing certificates for SSH and HTTPS access to FSA..crt, PKCS12, and .pem formats are supported.

The following options are available:

Import

Import a certificate.

Service

Select to configure specific certificates for the HTTP and SSH servers.

View

Select a certificate in the list and select View in the toolbar to view the CA certificate details.

Delete

Select a certificate in the list and select Delete in the toolbar to delete the certificate.

The following information is displayed:

Name

The name of the certificate.

Subject

The subject of the certificate.

Status

The certificate status, active or expired.

Service

HTTPS or SSH service that is using this certificate.

Certificate

Download the server certificate.

Sub Certificate

Download the intermediate CA (Certificate Authority) certificate if you are using a certificate chain.

Cacert

Download the CA (Certificate Authority) certificate.

To import a certificate:
  1. Go to System > Certificates.
  2. Click Import from the toolbar.
  3. Enter the certificate name in the text field.
  4. Click Choose File and locate the certificate and key files on your management computer.
  5. Optionally, you can import the intermediate CA certificate by clicking the Choose File button for Sub Certificate, and locating the intermediate CA certificate file.
  6. Click OK to import the certificate.

You also have the option to import a Password Protected PKCS12 Certificate. To import a PKCS12 Certificate, check the PKCS12 Format box upon importing a new certificate and writing down the possible password. When checking the PKCS12 Format box, the other Certificate file selection boxes disappear and are replaced by the PKCS12 File selection option because only this type is valid.

To view a certificate:
  1. Go to System > Certificates.
  2. Select the certificate from the list and click View from the toolbar.
  3. The following information is available:

    Certificate Name

    The name of the certificate.

    Status

    The certificate status.

    Serial number

    The certificate serial number.

    Issuer

    The issuer of the certificate.

    Subject

    The subject of the certificate.

    Effective date

    The date and time that the certificate became effective.

    Expiration date

    The date and time that the certificate expires.

  4. Click OK to return to the Certificates page.
To download a CA certificate:
  1. Go to System > Certificates.
  2. Click the download icon in one of the columns: Certificate, Sub Certificate, or Cacert.

To delete a CA certificate:
  1. Go to System > Certificates.
  2. Select the certificate from the list and click Delete from the toolbar.
  3. Click Yes, I’m sure in the Are You Sure confirmation page.

Firmware certificate(s) cannot be deleted.