Administration Guide

Local certificates

Server Objects > Certificates > Local displays all X.509 server certificates that are stored locally, on the FortiWeb appliance, for the purpose of offloading or scanning HTTPS.

Generate: Click to generate a certificate signing request. For details, see Local certificates.
Import: Click to upload a certificate. For details, see Local certificates.
View Certificate Detail: Click to view the selected certificate’s subject, range of dates within which the certificate is valid, version number, serial number, and extensions.
Download: Click to download the selected CSR’s entry in certificate signing request (.csr) file format. This button is disabled unless the currently selected file is a CSR.
Edit Comments: Click to add or modify the comment associated with the selected certificate.
(No label. Check box in column heading.): Click to mark all check boxes in the column, selecting all entries. To select an individual entry instead, mark the check box in the entry’s row.
Name: Displays the name of the certificate.
Subject: Displays the distinguished name (DN) located in the Subject: field of the certificate. If the row contains a certificate request which has not yet been signed, this field is empty.
Comments: Displays the description of the certificate, if any. Click the Edit Comments icon to add or modify the comment associated with the certificate or certificate signing request.
Status: Displays the status of the certificate.

  • OK—Indicates that the certificate was successfully imported. To use the certificate, select it in a server policy or server pool configuration.
  • PENDING—Indicates that the certificate request has been generated, but must be downloaded, signed, and imported before it can be used as a server certificate.

FortiWeb presents a server certificate when any client requests a secure connection, including when:

  • Administrators connect to the web UI (HTTPS connections only)
  • Clients use SSL or TLS to connect to a virtual server, if you enabled SSL offloading in the policy (HTTPS connections and Reverse Proxy mode only)

Although it does not present a certificate during SSL/TLS inspection, FortiWeb still requires server certificates to decrypt and scan HTTPS connections traveling through it (SSL inspection) when operating in any mode except Reverse Proxy. Otherwise, FortiWeb cannot scan the traffic and cannot protect that web server.

If you want clients to be able to use HTTPS with your website, but your website does not already have a server certificate to represent its authenticity, you must first generate a certificate signing request. For details, see Local certificates. Otherwise, start with Local certificates.
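A PENDING entry only becomes usable once the certificate the CA returns for it has been imported, so it is worth confirming on the administrator's workstation that the returned file really answers the downloaded .csr and is within its validity period. The script below is an added example, not part of the FortiWeb documentation or tooling; it assumes OpenSSL is installed, and the function names, file names, test CA and `example.test` hostnames are all constructed for illustration.

```shell
#!/bin/sh
# Added example: check a CA-signed certificate against the CSR it answers.
# Every key, CSR and certificate here is constructed test material.

# SHA-256 of the public key carried by a CSR or by a certificate.
csr_pubkey_hash()  { openssl req  -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }

# 0 = certificate carries the CSR's public key and is valid for 24h or more
# 1 = public keys differ (certificate answers a different request)
# 2 = certificate is expired or expires within 24 hours
cert_matches_csr() {
    want=$(csr_pubkey_hash "$1")
    got=$(cert_pubkey_hash "$2")
    [ -n "$want" ] && [ "$want" = "$got" ] || return 1
    openssl x509 -in "$2" -noout -checkend 86400 >/dev/null || return 2
    return 0
}

# Constructed stand-ins: a throwaway CA plus two requests and their signed
# certificates (www.* and other.*), written into directory $1.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    for n in www other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
            -CAcreateserial -days 30 -out "$1/$n.crt" 2>/dev/null
    done
}

d=$(mktemp -d)
make_samples "$d"
cert_matches_csr "$d/www.csr" "$d/www.crt"   && echo "www.crt answers www.csr"
cert_matches_csr "$d/www.csr" "$d/other.crt" || echo "other.crt rejected, status $?"
```

In practice the first argument is the file obtained with the Download button and the second is the certificate returned by the CA; `make_samples` exists only to give the check something to run against.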
