Managing certificates
This section explains how to manage X.509 security certificates using the FortiMail web UI. Using the Certificate submenu, you can generate certificate requests, install signed certificates, import CA root certificates and certificate revocation lists, and back up and restore installed certificates and private keys.
FortiMail uses certificates for PKI authentication in secure connections. PKI authentication is the process of determining if a remote host can be trusted with access to network resources. To establish its trustworthiness, the remote host must provide an acceptable authentication certificate by obtaining a certificate from a certification authority (CA).
You can manage the following types of certificates on FortiMail:
Table 40: Certificate types
Certificate type | Usage |
CA certificates | FortiMail uses CA certificates to authenticate the PKI users, including administrators and web mail users. For details, see “Configuring PKI authentication” and “Managing certificate authority certificates”. |
Server certificates | FortiMail must present its local server certificate for the following secure connections: • the web UI (HTTPS connections only) • webmail (HTTPS connections only) • secure email, such as SMTPS, IMAPS, and POP3S |
Personal certificates | Mail users’ personal certificates are used for S/MIME encryption. For details, see “Configuring certificate bindings”. |
This section contains the following topics: