Provisioning Templates – FortiManager 5.2

Certificate templates

The certificate templates menu allows you to create CA certificate templates, add devices to them, and then generate certificates for selected devices. Once the CA certificates have been generated and signed, they can be installed using the install wizard.

The following information is displayed:

Device Name The device name is displayed.
Certificate Status The certificate status is displayed.

The following options are available:

Certificate

Add Device Select to add a device. Select OK to save the setting.
Delete Device Select an entry, right-click, and select Delete Device from the menu. A confirmation dialog box is displayed. Select OK to proceed with the delete action.
Generate Select to generate the certificate request.
Create New Select to create a new certificate.
Edit Select a certificate template, right-click and select Edit to edit the selected certificate.
Delete Select a certificate template, right-click and select Delete to delete the selected certificate. Select OK in the confirmation dialog box to complete the delete action.

To create a new certificate template:

  1. In the Provisioning Templates tree menu, right-click on Certificate Templates and select Create New from the pop-up menu. The New Certificate dialog box opens.
  2. Enter the following information:
Certificate Name              Type a name for the certificate.
Optional Information Optionally, type the organization unit, organization, locality (city), province or state, country or region, and email address.
Key Type                          RSA is the default key type. This field cannot be edited.
Key Size Select the key size from the drop-down list. The available key sizes are: l 512 Bit l 1024 Bit l 1536 Bit l 2048 Bit
Online SCEP Enrollment
CA Server URL                 Type the CA server URL.
Challenge Password         Type the challenge password for the CA server.
  1. Select OK to create the certificate.

To edit a certificate:

  1. Right-click on the certificate name in the tree menu and select Edit from the pop-up menu.
  2. Edit the settings as required in the Edit Certificate window, then select OK to apply the changes.

Certificate

To delete a certificate:

  1. Right-click on the certificate name in the tree menu and select Delete from the pop-up menu.
  2. Select OK in the confirmation dialog box to delete the certificate.

To add device to a certificate template:

  1. Select the certificate template from the tree menu to which you are adding devices.
  2. In the content pane, select Add Device from the toolbar. The Add Device dialog box opens.
  3. Add devices from the drop-down list, then select OK to add the devices.

To generate certificates:

Do one of the following:

  1. Select one or more devices from the list of devices added to the certificate template, and then select Generate from the toolbar.
  2. Right-click on a device from the list and select Generate from the pop-up menu.
  3. Confirm the certificate generation in the confirmation dialog box to generate the certificate.

If a certificate failed generation, you can attempt to generate the certificate again.

If the certificate name already exists on the FortiGate unit, it will be overwritten each time the generate button is run. This allows the certificates to be updated more easily (for instances, if it has expired or is about to expire) without affecting any existing VPN configurations that are using the certificate.

 

This entry was posted in Administration Guides, FortiManager and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.