GUI item | Description | |
Certification name | Enter a unique name for the certificate request, such as fmlocal. | |
Subject Information | Information that the certificate is required to contain in order to uniquely identify the FortiMail unit. | |
ID type | Select which type of identifier will be used in the certificate to identify the FortiMail unit: • Host IP • Domain name • E-mail Which type you should select varies by whether or not your FortiMail unit has a static IP address, a fully-qualified domain name (FQDN), and by the primary intended use of the certificate. For example, if your FortiMail unit has both a static IP address and a domain name, but you will primarily use the local certificate for HTTPS connections to the web UI by the domain name of the FortiMail unit, you might prefer to generate a certificate based on the domain name of the FortiMail unit, rather than its IP address. • Host IP requires that the FortiMail unit have a static, public IP address. It may be preferable if clients will be accessing the FortiMail unit primarily by its IP address. • Domain name requires that the FortiMail unit have a fully-qualified domain name (FQDN). It may be preferable if clients will be accessing the FortiMail unit primarily by its domain name. • E-mail does not require either a static IP address or a domain name. It may be preferable if the FortiMail unit does not have a domain name or public IP address. | |
IP | Enter the static IP address of the FortiMail unit. This option appears only if ID Type is Host IP. | |
Domain name | Type the fully-qualified domain name (FQDN) of the FortiMail unit. The domain name may resolve to either a static or, if the FortiMail unit is configured to use a dynamic DNS service, a dynamic IP address. For more information, see “Configuring the network interfaces” and “Configuring dynamic DNS”. If a domain name is not available and the FortiMail unit subscribes to a dynamic DNS service, an unable to verify certificate message may appear in the user’s browser whenever the public IP address of the FortiMail unit changes. This option appears only if ID Type is Domain name. | |
E-mail | Type the email address of the owner of the FortiMail unit. This option appears only if ID type is E-mail. | |
Optional Information | Information that you may include in the certificate, but which is not required. | |
Organization unit | Type the name of your organizational unit, such as the name of your department. (Optional.) To enter more than one organizational unit name, click the + icon, and enter each organizational unit separately in each field. | |
Organization | Type the legal name of your organization. (Optional.) | |
Locality(City) | Type the name of the city or town where the FortiMail unit is located. (Optional.) | |
State/Province | Type the name of the state or province where the FortiMail unit is located. (Optional.) | |
Country | Select the name of the country where the FortiMail unit is located. (Optional.) | |
E-mail | Type an email address that may be used for contact purposes. (Optional.) | |
Key type | Displays the type of algorithm used to generate the key. This option cannot be changed, but appears in order to indicate that only RSA is currently supported. | |
Key size | Select a security key size of 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to generate, but provide better security. |