Replacing the default FortiMail certificate

In this recipe, you will learn how to replace the default certificate used by your FortiMail for secure connections.

All FortiMail units have a self-signed certificate installed on them by default. It is recommended to replace this certificate with valid digital certificate for the protected domains, to keep the contents of your email secure.

1. Generating a certificate request

If you already have a signed certificate, you can proceed to step 2.

On your FortiMail, go to System > Certificate > Local Certificate and select Generate.

Set the information in the Generate Certificate Signing Request as required.


The request will appear in the certificate list, with its status shown as Pending. Select the request, then select Download.

Send the certificate request file (.csr) to a certificate authority (CA) for signing.


2. Importing the signed certificate

When you have a signed certificate, go to System > Certificate > Local Certificate and select Import.

Set Type to Local Certificate and choose the certificate file (.cer).

In the certificate list, select the certificate, then select Set status to set the certificate as the default.  

3. Results

Go to System > Certificate > Local Certificate. The imported certificate is shown as Default in the Status column.

Because this certificate is set as the default, the FortiMail will automatically use it for making secure connections.



Share this recipe:


Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.

  • Alessandro

    Easy! Thanks!

  • Nayeli

    i have a question, when i want upload the local certificate, i got a error “No matched local certificate is found”, someone knows something about this