Replacing the default FortiMail certificate

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this recipe, you will learn how to replace the default certificate used by your FortiMail for secure connections.

All FortiMail units have a self-signed certificate installed on them by default. It is recommended to replace this certificate with valid digital certificate for the protected domains, to keep the contents of your email secure.

1. Generating a certificate request

If you already have a signed certificate, you can proceed to step 2.

On your FortiMail, go to System > Certificate > Local Certificate and select Generate.

Set the information in the Generate Certificate Signing Request as required.

 

The request will appear in the certificate list, with its status shown as Pending. Select the request, then select Download.

Send the certificate request file (.csr) to a certificate authority (CA) for signing.

 

2. Importing the signed certificate

When you have a signed certificate, go to System > Certificate > Local Certificate and select Import.

Set Type to Local Certificate and choose the certificate file (.cer).

 
In the certificate list, select the certificate, then select Set status to set the certificate as the default.  

3. Results

Go to System > Certificate > Local Certificate. The imported certificate is shown as Default in the Status column.

Because this certificate is set as the default, the FortiMail will automatically use it for making secure connections.

 

 

  • Was this helpful?
  • Yes   No
  • John

    The problem I have is the Fortimail is internal only and does not have a FQDM and I don’t think you can buy an SSL cert for just a name. can you?
    Thanks
    John

  • Nayeli

    i have a question, when i want upload the local certificate, i got a error “No matched local certificate is found”, someone knows something about this

    • Marc Purdon

      If you already have a certificate (you didn’t generate the request on the Fortimail) then you must choose type Certificate (instead of Local Certificate) then you choose your signed cert and the private key

  • Alessandro

    Easy! Thanks!