
LE (Let's Encrypt) implementation

https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/822087/acme-certificate-support#aanchor10

To configure certificates in the GUI, go to System > Feature Visibility and enable Certificates.
To import an ACME certificate in the GUI:
  1. Go to System > Certificates and click Import > Local Certificate.
  2. Set Type to Automated.
  3. Set Certificate name to an appropriate name for the certificate.
  4. Set Domain to the public FQDN of the FortiGate.
  5. Set Email to a valid email address. The email is not used during the enrollment process.
  6. Ensure that ACME service is set to Let's Encrypt.

  7. Configure the remaining settings as required, then click OK.
  8. If this is the first time enrolling a server certificate with Let's Encrypt on this FortiGate, the Set ACME Interface pane opens.

    Select the interface that the FortiGate communicates with Let's Encrypt on, then click OK.

    The ACME interface can later be changed in System > Settings.

  9. The new server certificate is added to the Local Certificate list.

    Click View Details to verify that the FortiGate's FQDN is in the certificate's Subject: Common Name (CN).

    The Remote CA Certificate list includes the issuing Let's Encrypt intermediate CA, issued by the public CA ISRG Root X1 from Digital Signature Trust Company.

To exchange the default FortiGate administration server certificate for the new public Let's Encrypt server certificate in the GUI:
  1. Go to System > Settings.
  2. Set HTTPS server certificate to the new certificate.

  3. Click Apply.
  4. Log in to the FortiGate using an administrator account from any internet browser. There should be no warnings related to non-trusted certificates, and the certificate path should be valid.
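
The checks from step 9 (FQDN in the Subject CN) and from the final login step (no trust warnings) can also be scripted so that a failed renewal or a fallback to the default certificate is noticed early. The following is an added example, not part of the Fortinet documentation; `fw.example.com`, the function names and the 30-day threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by SSLSocket.getpeercert().
# fw.example.com stands in for the FortiGate's public FQDN (assumption).
SAMPLE_CERT = {
    "subject": ((("commonName", "fw.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Jun 30 12:00:00 2024 GMT",
    "subjectAltName": (("DNS", "fw.example.com"),),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname validation against the system trust
    store; an ssl.SSLError here is the warning a browser would show."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _attrs(rdns, key):
    return [v for rdn in rdns for (k, v) in rdn if k == key]

def check_cert(cert, fqdn, now, min_days=30):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cns = [n.lower() for n in _attrs(cert.get("subject", ()), "commonName")]
    sans = [v.lower() for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if fqdn.lower() not in cns:          # the check described in step 9
        findings.append(f"{fqdn} not in Subject CN {cns}")
    if fqdn.lower() not in sans:         # the name browsers actually match on
        findings.append(f"{fqdn} not in subjectAltName {sans}")
    orgs = _attrs(cert.get("issuer", ()), "organizationName")
    if "Let's Encrypt" not in orgs:      # e.g. default certificate still served
        findings.append(f"issuer organization is {orgs}, not Let's Encrypt")
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expiry - now).days
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < min_days:           # min_days is an assumed alert threshold
        findings.append(f"expires in {days_left} days, check automatic renewal")
    return findings

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "fw.example.com", datetime.now(timezone.utc)))
```

Against a live device, pass the result of `fetch_cert("<your FQDN>")` to `check_cert` in place of `SAMPLE_CERT`.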