Configuring system settings : Managing certificates : Managing local certificates
Managing local certificates
System > Certificate > Local Certificate displays both the signed server certificates and unsigned certificate requests.
On this tab, you can also generate certificate signing requests and import signed certificates in order to install them for local use by the FortiMail unit.
FortiMail units require a local server certificate that it can present when clients request secure connections, including:
the web UI (HTTPS connections only)
webmail (HTTPS connections only)
secure email, such as SMTPS, IMAPS, and POP3S
To access this part of the web UI, your administrator account’s:
Domain must be System
access profile must have Read or Read-Write permission to the Others category
For details, see “About administrator account permissions and domains”.
To view local certificates
1. Go to System > Certificate > Local Certificate.
 
GUI item
Description
View
(button)
Select a certificate and click View to display its issuer, subject, and range of dates within which the certificate is valid.
Delete
(button)
Removes the selected certificate.
Generate
(button)
Click to generate a local certificate request. For more information, see “Generating a certificate signing request”.
Download
(button)
Click the row of a certificate file or certificate request file in order to select it, then click this button and select either:
Download: Download a certificate (.cer) or certificate request (.csr) file. You can send the request to your certificate authority (CA) to obtain a signed certificate for the FortiMail unit. For more information, see “Downloading a certificate signing request”.
Download PKCS12 File: Download a PKCS #12 (.p12) file. For details, see “Downloading a PKCS #12 certificate”.
Set status
Click the row of a certificate in order to select it, then click this button to use it as the “default” (that is, currently chosen for use) certificate. The Status column changes to indicate that the certificate is the current (Default) certificate.
This button is not available if the selected certificate is already the “default.”
Import
(button)
Click to import a signed certificate for local use. For more information, see “Importing a certificate”.
Name
Displays the name of the certificate file or certificate request file.
Subject
Displays the Distinguished Name (DN) located in the Subject field of the certificate.
If the certificate has not yet been signed, this field is empty.
Status
Displays the status of the local certificates or certificate signing request.
Default: Indicates that the certificate was successfully imported, and is currently selected for use by the FortiMail unit.
OK: Indicates that the certificate was successfully imported, but is not selected as the certificate currently in use. To use the certificate, click the row of the certificate in order to select it, then click Set status.
Pending: Indicates that the certificate request has been generated, but must be downloaded, signed, and imported before it can be used as a local certificate. For details, see “Obtaining and installing a local certificate”.