Install SSL Certificate into a FortiAnalyzer

We utilize a lot of FortiGate firewalls and have had really good success with them. The biggest downside is that there is no native reporting functionality built into them. For that we utilize a FortiAnalyzer device, which provides really impressive, feature-rich reporting. While there is a large amount of functionality available from the GUI, adding an external SSL certificate for remote access to the device requires using the CLI. Thankfully it is a pretty straightforward process:

From the CLI type: exec certificate local generate some.domain.com (whatever your external domain name is)

Next you will need to set up a local TFTP server (I use tftpd32, simple and straightforward) and run the following command: exec certificate local export some.domain.com 192.168.123.123 (the IP address of your local TFTP server)

Next, open your TFTP folder and you will find your CSR file.

Open this file in your favorite text editor and copy and paste it into your cert request through your SSL vendor (GoDaddy, Verisign, etc.). After domain authorization and receipt of your certificate, simply upload it via the same method: exec certificate local import some.domain.com.crt 192.168.123.123

Finally from the FortiAnalyzer GUI Console, browse to System Settings, Admin, Admin Settings & select the newly imported some.domain.com.crt certificate.
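
Before running the import step above, it is worth confirming that the certificate the vendor returned carries the same public key as the CSR the device generated, since TFTP provides no authentication or integrity protection and a certificate for a different key is of no use to the device. The following is an added example, not part of the original post: it compares the SubjectPublicKeyInfo of both files using only the Python standard library, and the der() and sample() helpers are hypothetical ones that only build a constructed test input.

```python
import base64, re

def to_der(data):
    """Accept DER bytes or PEM bytes (as read from the TFTP folder); return DER."""
    if data[:1] == b"\x30":
        return data
    m = re.search(rb"-----BEGIN [A-Z ]+-----(.+?)-----END [A-Z ]+-----", data, re.S)
    if not m:
        raise ValueError("neither DER nor PEM")
    return base64.b64decode(m.group(1))

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that begins at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def items(element):
    """Split one constructed DER element into the full encodings of its children."""
    (pos, end), out = read_tlv(element, 0), []
    while pos < end:
        nxt = read_tlv(element, pos)[1]
        out.append(element[pos:nxt])
        pos = nxt
    return out

def cert_matches_csr(csr, cert):
    """True when the issued certificate carries the public key from the CSR."""
    req_info = items(items(to_der(csr))[0])  # version, subject, subjectPKInfo, attributes
    tbs = items(items(to_der(cert))[0])      # optional [0] version (tag 0xA0) shifts the key
    return req_info[2] == (tbs[6] if tbs[0][0] == 0xA0 else tbs[5])

def der(tag, *parts):  # minimal DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def sample(key):  # constructed skeletons: empty names, placeholder key bits, no signatures
    spki = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05)), der(0x03, b"\x00" + key))
    csr = der(0x30, der(0x30, der(0x02, b"\x00"), der(0x30), spki, der(0xA0)))
    crt = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), *[der(0x30)] * 4, spki))
    return csr, crt

if __name__ == "__main__":
    csr, crt = sample(b"K" * 270)
    print("match:", cert_matches_csr(csr, crt), "| other key:", cert_matches_csr(csr, sample(b"X" * 270)[1]))
```

For real files, read the exported CSR and the vendor's certificate in binary mode and pass both byte strings to cert_matches_csr(); if the vendor file holds a chain, only its first PEM block is checked.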


About AJ McKean

Based in sunny Tauranga, New Zealand, AJ McKean is a Senior Systems Engineer in Mt Maunganui. With over 15 years of professional IT experience working in both New Zealand and the United States, he holds several certifications including MCSE(2000-2003), MCITP:Enterprise(2008), MCSA(2012), VMware VCP-DCV5.5, CompTIA A+ & is an HP Storage Architect. He is passionate about all things IT, especially virtualization, automation & cloud technologies.

3 Responses to “Install SSL Certificate into a FortiAnalyzer”

  1. Tony Zaremba says :

    Hey mate, I need to renew the certificate on our FortiAnalyzer, how do I renew the certificate already installed?
