A FortiGate unit will now generate default SSL inspection CA and server certificates that are unique to that unit the first time the certificates are required. Previously, FortiGate units all have the same default CA and server certificates.

There are some exceptions: for example, in a HA cluster all FortiGate units need the same CA and server certificates. The certificates can also be changed as required for load balancing and other configurations.

Existing customers will not be affected by this change, as FortiOS 5.2 will not change the current defaults on upgrade.

You can use the CLI commands below to generate new certificates that will be unique to your FortiGate unit.

The following command re-generates the default SSL inspection CA certificate:

The following command re-generates the default SSL inspection server certificate: