3rd party HTTPS certificates for the admin interface?

fortinet0718
2013/08/15 07:06:12 (permalink)
0

Has anyone been able to install 3rd-party HTTPS certificates on FAZ 5.0?

I think I see where to install them (System Settings -> Certificates -> Local Certificates), but no file format that I've tried seems to work (.pem, .p12, etc.)

The documentation in the manuals (particularly v5.0 manuals) is anything but clear as to what is accepted as a certificate format, or if 3rd-party certs are even acceptable.

FWIW: I have a wildcard SSL cert that I'd like to use -- that's why I don't care to jump through the hoops of generating a CSR, get it signed, and then import that back in.

Thanks,
#1
thrawnos
RE: 3rd party HTTPS certificates for the admin interface? 2013/08/16 07:29:06 (permalink)
0
Hi,

can be configured over the cli:

config system certificate local

edit a new certificate and copy and paste key and certificate in the cli.

However, this leads to the next problem I also have now: where to change the default https certificate. This can also not be done over the admin gui, and I did not find a way on the cli. Good luck!
#2
fortinet0718
RE: 3rd party HTTPS certificates for the admin interface? 2013/08/19 10:25:49 (permalink)
0
Thrawnos,

That did the trick for me, thanks!

I was able to get the appliance to use the SSL cert for the HTTPS interface using the GUI. In the CLI, I made a cert like you advised:

config system certificate local
edit "MyCert"
...
end


Then in the GUI, I logged in as a Super_User, and went to:
System Settings ->
Admin (expand it) ->
Admin Settings ->
In the "HTTPS & Web Service Server Certificate" drop-down,
my "MyCert" certificate was an option. I selected it, clicked "Apply",
waited a few minutes, logged out and back in, and my certificate
was being used!

Thanks again,
#3
michellem812
RE: 3rd party HTTPS certificates for the admin interface? 2014/10/07 07:33:26 (permalink)
0
I think this is what I need too... I have a .pfx file for my wildcard SSL cert that I exported from my primary domain server and I'm not quite sure on how to get the wildcard cert from my primary domain server to use on the FAZ. Any ideas?
#4
fortinet0718
RE: 3rd party HTTPS certificates for the admin interface? 2014/10/07 09:29:12 (permalink)
5 (1)
Michellem812,

You'll have to "break the .pfx file apart". I do this with OpenSSL.
Once you have the SSL private key in a file that looks like (the contents will differ from what I have here):

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,01dea01dea01dea0

Base64/Mime-encodedblockThatGoesForANumberOfLines+About25Lines
forMyCurrentKey+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbF
...
j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
-----END RSA PRIVATE KEY-----


As well as the signed certificate in a similar file that looks like:

-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIQDGytvGNkU2vBnSE8dqwG1zANBgkqhkiG9w0BAQsFADBN
...
J7pyum1ogx7j6A==
-----END CERTIFICATE-----




Then you are ready to use the CLI to add the cert.
Here is the rough outline of what that looks like:
FortiAnalyzer-200D # config system certificate local
(local)# edit "My3rdPartySSLCertname"
(My3rdPartySSLCertname)# set password MYSECRETPASSWORD
(My3rdPartySSLCertname)# set private-key "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,01dea01dea01dea0

... lots of lines here ...
-----END RSA PRIVATE KEY-----"
(My3rdPartySSLCertname)# set certificate "-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIQDGytvGNkU2vBnSE8dqwG1zANBgkqhkiG9w0BAQsFADBN
... lots of lines here ...
-----END CERTIFICATE-----"
(My3rdPartySSLCertname)# end
FortiAnalyzer-200D # exit
#5
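
The "break the .pfx file apart" step from post #5, as an added example (not code from anyone in this thread): it splits a bundle into an encrypted PEM key and the leaf certificate, then confirms the two belong together before anything is pasted into the CLI. The file names, the `*.example.test` subject and the `PFX_PASS` / `KEY_PASS` variable names are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the thread. Passphrases come from the environment
# (PFX_PASS for the bundle, KEY_PASS for the extracted key) so they never
# appear in the process list or shell history.

# Build a throwaway self-signed wildcard bundle to practise on (constructed data).
make_sample_pfx() {   # usage: make_sample_pfx <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:PFX_PASS -out "$1/wildcard.pfx"
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Split a .pfx into an encrypted PEM key and the leaf certificate.
# OpenSSL 3.x may need -legacy added to both pkcs12 calls for bundles
# written with older algorithms.
split_pfx() {         # usage: split_pfx <bundle.pfx> <key-out.pem> <cert-out.pem>
    old_umask=$(umask)
    umask 077         # key file readable by its owner only
    # -nocerts: key only, re-encrypted under KEY_PASS. sed keeps just the PEM
    # block and drops the "Bag Attributes" preamble that pkcs12 prints.
    openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS -passout env:KEY_PASS |
        sed -n '/^-----BEGIN/,/^-----END/p' > "$2"
    # -clcerts -nokeys: the certificate that belongs to the key, no CA chain.
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS |
        sed -n '/^-----BEGIN/,/^-----END/p' > "$3"
    umask "$old_umask"
    key_matches_cert "$2" "$3"
}

# Example run:
#   export PFX_PASS='...' KEY_PASS='...'
#   split_pfx wildcard.pfx key.pem cert.pem && echo "key and certificate match"
```

Delete the extracted key file once the certificate is installed; the appliance keeps its own copy.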
michellem812
RE: 3rd party HTTPS certificates for the admin interface? 2014/10/10 10:32:02 (permalink)
0
Perfect! Thanks! I used https://stuff.purdon.ca/?page_id=83 to get the OpenSSL and break my pfx out to a text file that I could use, copied it in to the appropriate places in the CLI commands you listed, and set the Admin GUI to use it. It works - thanks so much!!
#6