Server Objects > Certificates > Local displays all X.509 server certificates that are stored locally, on the FortiWeb appliance, for the purpose of offloading or scanning HTTPS.
|Click to generate a certificate signing request. For details, see Local certificates.
|Click to upload a certificate. For details, see Local certificates.
|View Certificate Detail
|Click to view the selected certificate’s subject, range of dates within which the certificate is valid, version number, serial number, and extensions.
Click to download the selected CSR’s entry in certificate signing request (.csr) file format.
This button is disabled unless the currently selected file is a CSR.
|Click to add or modify the comment associated with the selected certificate.
|(No label. Check box in column heading.)
Click to mark all check boxes in the column, selecting all entries.
To select an individual entry, instead, mark the check box in the entry’s row.
|Displays the name of the certificate.
Displays the distinguished name (DN) located in the
If the row contains a certificate request which has not yet been signed, this field is empty.
|Displays the description of the certificate, if any. Click the Edit Comments icon to add or modify the comment associated with the certificate or certificate signing request.
Displays the status of the certificate.
FortiWeb presents a server certificate when any client requests a secure connection, including when:
- Administrators connect to the web UI (HTTPS connections only)
- Clients use SSL or TLS to connect to a virtual server, if you enabled SSL offloading in the policy (HTTPS connections and Reverse Proxy mode only)
Although it does not present a certificate during SSL/TLS inspection, FortiWeb still requires server certificates in order to decrypt and scan HTTPS connections traveling through it (SSL inspection) if operating in any mode except Reverse Proxy. Otherwise, FortiWeb will not be able to scan the traffic, and will not be able to protect that web server.
If you want clients to be able to use HTTPS with your website, but your website does not already have a server certificate to represent its authenticity, you must first generate a certificate signing request. For details, see Local certificates. Otherwise, start with Local certificates.