It is possible of course to enable SSL connection also between Fortiweb and internal servers. This is called SSL offloading - all the SSL related encryption/decryption is being done by the Fortiweb only, to offload these tasks from physical servers. The conneciton between Fortiweb and Apache servers stays cleartext on port 80. NOTE: I did not enable HTTPS or change the configuration of the Apache servers at all. ![]() Enable the HTTPS service and set the SSL certificate to use in Server Policy. I use here the password set when generating the private key earlier on Ubuntu server. System -> Certificates -> Local -> Import. Import SSL certificate and potentially intermediate certificates into Fortiweb. Once issued, I downloaded the ready-to-use certificate as a file yurisk_com.crt and can move to step 2. For this lab I used to get a free 30-day certificate, but of course any SSL CA provider will do. server FQDN or YOUR name ) :Įmail Address enter the following 'extra' attributesĪn optional company name I can use to issue the SSL certificate. ![]() Organizational Unit Name (eg, section ) :ITĬommon Name (e.g. ![]() Organization Name (eg, company ) :Yurisk Ltd State or Province Name (full name ) :Jerusalem If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. ![]() You are about to be asked to enter information that will be incorporated Openssl req -newkey rsa:2048 s -keyout -out
0 Comments
Leave a Reply. |