Wednesday, February 3, 2016

HOWTO install a certificate for FortiMail

In this post I will show you how to install a Comodo DV (domain validation) certificate on the FortiMail appliance. I'm using a free 90-day certificate in this example and crafting the CSR from within the appliance.

The CSR is the starting point.

From my past experience, you want to use no abbreviated state names.

System > certificate

Next you will submit the CSR to the CA; in this case we are using Comodo for the signing. They will sign the CSR and issue the certificate. Your private key stays private at this point and is not submitted with the CSR.

They will issue the certificate and the intermediate certificate back to you in a zip file.

The CA will need to validate you during the process for a DV certificate. The domain will require an email, and it's best to use the email address listed as the admin/technical contact in the whois record.

Finally we can upload the certificate once it's been signed.

Make sure you also install any CA intermediate certificates in the appliance.

Finally, having a certificate installed is only part A of the step; you need to make the appliance aware of the certificate and use it. The easiest way is to use the CLI command

"set default-certificate < the named certificate>"

IMHO it's best to restart the https daemon or reboot the appliance.

Finally, running a CA chain check will show a valid certificate that's trusted, and it won't hurt to complete a free SSL score check.
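The intermediate-install step and the chain check above, as an added example that is not part of the original post: this script builds a constructed root, intermediate and leaf with the openssl CLI, then shows the chain check failing without the intermediate and passing with it. The file names, subject names and the helper functions `make_test_chain` and `chain_ok` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: why the intermediate must be installed next to the certificate.
# Everything generated here is constructed test data, not a real CA.

# make_test_chain DIR: write root.pem, inter.pem and leaf.pem into DIR
make_test_chain() {
  dir="$1"
  cat > "$dir/t.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF
  # Self-signed root CA
  openssl req -x509 -config "$dir/t.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Example Test Root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  # Intermediate CA: CSR signed by the root
  openssl req -new -config "$dir/t.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Example Test Intermediate" \
    -keyout "$dir/inter.key" -out "$dir/inter.csr" 2>/dev/null
  openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -set_serial 1001 -days 30 -extfile "$dir/t.cnf" -extensions ca \
    -out "$dir/inter.pem" 2>/dev/null
  # Leaf: CSR signed by the intermediate; the private key never leaves DIR
  openssl req -new -config "$dir/t.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mail.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/inter.pem" -CAkey "$dir/inter.key" \
    -set_serial 1002 -days 30 -extfile "$dir/t.cnf" -extensions leaf \
    -out "$dir/leaf.pem" 2>/dev/null
}

# chain_ok ROOT LEAF [INTERMEDIATE]: exit 0 only if LEAF chains up to ROOT
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
make_test_chain "$work"
chain_ok "$work/root.pem" "$work/leaf.pem" && echo "without intermediate: trusted" || echo "without intermediate: NOT trusted"
chain_ok "$work/root.pem" "$work/leaf.pem" "$work/inter.pem" && echo "with intermediate: trusted" || echo "with intermediate: NOT trusted"
```

With the real files from the CA's zip, pass the CA's root, your issued certificate and the intermediate to `chain_ok` in the same order.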

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \
