Secure connections and certificates Page 103 FortiRecorder 2.4.2 Administration Guide
Generating a certificate signing request
Many commercial certificate authorities (CAs) will provide a web site where you can generate
your own certificate signing request (CSR). A CSR is an unsigned certificate file that the CA will
sign. When the CSR is generated, the associated private key that the appliance will use to sign
and/or encrypt connections with clients is also generated.
If your CA does not provide this, or if you have your own private CA such as a Linux server with
OpenSSL, you can use the appliance generate a CSR and private key. This CSR can then be
submitted for verification and signing by the CA.
To generate a certificate request
1. Go to System > Certificate > Local Certificate.
2. Click Generate.
A dialog appears.
3. Configure the certificate signing request:
Setting name Description
Certification name Enter a unique name for the certificate request, such as
fortirecorder.example.com. This can be the name of
your appliance.
Subject Information
ID Type Select the type of identifier to use in the certificate to identify
the FortiRecorder appliance:
• Host IP — Select if the FortiRecorder appliance has a
static IP address and enter the public IP address of the
FortiRecorder appliance in the IP field. If the FortiRecorder
appliance does not have a public IP address, use E-Mail or
Domain Name instead.
• Domain Name — Select if the FortiRecorder appliance
has a static IP address and subscribes to a dynamic DNS
service. Enter the FQDN of the FortiRecorder appliance,
such as fortirecorder.example.com, in the Domain
Name field. Do not include the protocol specification
(http://) or any port number or path names.
• E-Mail — Select and enter the email address of the owner
of the FortiRecorder appliance in the E-mail field. Use this
if the appliance does not require either a static IP address
or a domain name.
The type you should select varies by whether or not your
FortiRecorder appliance has a static IP address, a
fully-qualified domain name (FQDN), and by the primary
intended use of the certificate.
For example, if your FortiRecorder appliance has both a static
IP address and a domain name, but you will primarily use the
local certificate for HTTPS connections to the web UI by the
domain name of the FortiRecorder appliance, you might prefer
to generate a certificate based upon the domain name of the
FortiRecorder appliance, rather than its IP address.
To Next Page
Loading...