Adding a URL to the certificate

I created my first LE cert for my Apache servers yesterday. I need to create an SSL cert for my Fortinet 60E firewall. I went on the Apache server and it only sees the 5 URLs for my web sites. How can I add firewall.scsiraidguru.com to it?

scsiraidguru.com
mc.scsiraidguru.com
www.scsiraidguru.com
patrickmckenneylandscaping.com
www.patrickmckenneylandscaping.com

I added a DNS record on GoDaddy for firewall.scsiraidguru.com.

I have a script that allows me to generate a CSR and Private Key that I use for GoDaddy. Is it possible to create the CSR and Private Key and use it with Let's Encrypt?

https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/718606/provision-a-trusted-certificate-with-lets-encrypt

3 Likes

I am using FortiOS 7.2.6. I just got off the phone with TAC. FortiOS doesn't work with generating the cert for Let's Encrypt. They recommended a CSR and Private Key approach.

Are you going to use the FortiGate as the TLS termination/proxy point [i.e. HTTPS inspection]?
If not, then the gate won't need the cert for your web site(s).

3 Likes

firewall.scsiraidguru.com is the admin portal name to use SSL port security. I don't access it with HTTP, only HTTPS and an alternative port.

How many Internet IPs do you have?
[sounds like only one]

3 Likes

My Fortinet 60E has two WAN connections: AT&T Fiber and Comcast in SD-WAN. I was going to work on getting the web server to be dual-homed.

Fortinet TAC has a ticket opened. The previous version had more options.

I would replace the FortiGate with a Netgate since the latter has an ACME client in their official packages.

Your original question appears to be covered in the Certbot FAQ.

Can I use an existing private key or Certificate Signing Request (CSR) with Certbot?

2 Likes
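The CSR-and-private-key approach discussed in this thread, as an added example that is not part of any post: it generates a key and a CSR for a single hostname with OpenSSL, then checks the CSR's SAN list and that it belongs to the key before it is submitted. The function names, the RSA 2048 key size and the file layout are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): key + CSR for one hostname, with
# checks to run before handing the CSR to an ACME client.

# make_csr HOST DIR -> writes DIR/HOST.key and DIR/HOST.csr
make_csr() {
    (
        umask 077   # private key readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
    )
}

# csr_sans CSR -> prints one DNS name per line from the CSR's SAN extension.
# Let's Encrypt issues for the names requested in the CSR, so a name that is
# missing here will be missing from the certificate.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# csr_matches_key CSR KEY -> exit 0 only if the CSR's public key is the
# public half of KEY (catches pairing a CSR with the wrong key file).
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ]
}

# Usage: ./make-csr.sh firewall.scsiraidguru.com
if [ $# -ge 1 ]; then
    make_csr "$1" . &&
        csr_matches_key "$1.csr" "$1.key" &&
        csr_sans "$1.csr"
    # The CSR can then be passed to Certbot:
    #   certbot certonly --csr "$1.csr"
    # plus whichever challenge method applies to the host. Certbot never
    # sees the private key in this mode; it writes only the certificate and
    # chain, and the key stays where make_csr put it.
fi
```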

In 20+ years of working with firewalls, I never heard of Netgate. My Fortinet 60E has two WAPs that are integrated into its FortiOS in my house. Fortinet is moving the issue to the Dev Team. I will be calling a manager I know at Fortinet about this.

That is likely part of the problem.
I mean, that was a known problem with certain versions of FortiOS [I don't recall exactly which ones].

3 Likes

I find it hard to believe that you never heard of pfSense, but who knows.

Hopefully you can get what you need from the FAQ link I shared.

3 Likes

pfSense is a name I heard of. Some of my friends use them. I am on 7.2.6. The CLI has ACME settings in it.

1 Like
