Certificate(s) about to expire for Fortinet

Vendor

Fortinet

Description

Indeni will alert when a certificate is about to expire or has expired.

Remediation Steps

Renew any certificates that need to be renewed.

1. Log in to the Fortinet firewall via SSH and run the FortiOS command "get vpn certificate detail" to review the period for which each certificate is valid.

2. Log in to the Fortinet firewall via SSH and run the FortiOS command "get vpn certificate setting" to review the certificate settings.

3. Log in to the Fortinet firewall via HTTPS and go to System > Certificates to review the list of certificates. Double-click each certificate to see its details.

4. For more information, see the Fortinet certificate configuration guide: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-authentication-54/Certificates.htm

5. If the problem persists, contact Fortinet Technical Support at https://support.fortinet.com/ for further assistance.

How does this work?

Indeni uses SSH to access the Fortinet device and retrieves the X.509 "valid to" field for all "local" device certificates. If the time in this field is within a configured threshold of days, Indeni raises an alert. Note that this script does not currently validate certificates in the Fortinet "remote" category; it does check all "local" certificates and root CA certificates.
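The threshold check described above, as an added example in Python (not Indeni's script and not real FortiOS output): it parses a constructed certificate listing in an assumed `== [ name ]` / `Valid to:` layout and reports certificates that expire within a given number of days or have already expired.

```python
import re
from datetime import datetime, timezone

# Constructed sample in an ASSUMED layout; real FortiOS "get vpn certificate" output differs.
SAMPLE_OUTPUT = """\
== [ Fortinet_Factory ]
Valid to: 2031-01-01 00:00:00 GMT
== [ vpn-portal ]
Valid to: 2025-06-20 12:00:00 GMT
== [ old-admin ]
Valid to: 2025-05-01 00:00:00 GMT
"""
_DATE_FMT = "%Y-%m-%d %H:%M:%S"


def parse_certificates(output):
    """Map certificate name -> 'valid to' datetime (UTC), from the assumed layout."""
    certs, name = {}, None
    for line in output.splitlines():
        head = re.match(r"== \[ (\S+) \]", line)
        if head:
            name = head.group(1)
            continue
        m = re.match(r"Valid to:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", line)
        if m and name:
            certs[name] = datetime.strptime(m.group(1), _DATE_FMT).replace(tzinfo=timezone.utc)
    return certs


def expiring_certificates(certs, now, threshold_days):
    """Return {name: days_left} for days_left <= threshold; negative means already expired."""
    return {n: (t - now).days for n, t in certs.items() if (t - now).days <= threshold_days}


def check_output(output, now_str, threshold_days):
    """Parse device output and evaluate it against a 'YYYY-MM-DD HH:MM:SS' UTC timestamp."""
    now = datetime.strptime(now_str, _DATE_FMT).replace(tzinfo=timezone.utc)
    return expiring_certificates(parse_certificates(output), now, threshold_days)


if __name__ == "__main__":
    for name, days in check_output(SAMPLE_OUTPUT, "2025-06-10 00:00:00", 30).items():
        state = f"EXPIRED {-days} days ago" if days < 0 else f"expires in {days} days"
        print(f"{name}: {state}")
```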

Why is this important?


Without Indeni how would you find this?

An administrator could manually check the certificate expiration dates by using the Fortinet web GUI or by logging in to the device via SSH and manually running the necessary commands.
