Skip to content

Create a new Fortinet FortiWeb machine

This feature is in Preview

This feature is currently available as a Preview and is not yet generally available (GA). Functionality and behavior may change before GA.

Creating a new machine is the initial step in enabling Certificate Manager - SaaS to connect directly to application keystores for certificate management. Once you have created machines, you can move on to provisioning certificates to those machines.

Before you begin

To complete these steps, you must have:

  • FortiWeb hostname or IP address
  • Admin HTTPS port (default: 8443, not 443)
  • At least one active VSatellite connection
  • Valid FortiWeb admin username and password with REST API access
  • The admin account must have the required permissions to:
    • Read and write local, CA, and intermediate CA certificates
    • Read and write server policies and SNI groups
    • Read and write global system settings (required only if you plan to provision the management interface certificate)
  • (Optional) For multi-ADOM environments, ensure the admin account has access to every ADOM where certificates will be managed. The built-in admin account has access to all ADOMs.

Multi-ADOM support

The FortiWeb integration supports appliances configured with Administrative Domains (ADOMs). Discovery automatically detects the ADOMs your admin account can access, and certificates in each ADOM are managed independently. If ADOMs are not enabled on the appliance, leave ADOM fields blank to operate in global (single-domain) mode.

Authentication

FortiWeb supports only username and password authentication for the REST management interface. Unlike FortiGATE, FortiWeb does not support API tokens or mutual TLS (mTLS) authentication.

  1. Enter the FortiWeb Hostname or IP Address.

  2. Enter the Admin HTTPS Port. The default port is 8443. FortiWeb uses 8443 for the management interface, not 443.

  3. Enter your FortiWeb admin Username and Password in the provided fields.

    Warning

    Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.

  4. (Optional) Toggle Verify TLS Certificate to enabled if your FortiWeb management interface uses a certificate signed by a trusted CA. This option is disabled by default because FortiWeb appliances commonly use self-signed management certificates.

    Note

    When TLS verification is disabled, the connection is still encrypted but the server certificate is not validated. Leave this option disabled if your FortiWeb uses a self-signed or otherwise untrusted management certificate.

  5. Click Test Access, then click Continue. Note that Continue is only enabled if the Test Access is successful.

What's next?

Refer back to Create a new machine to finish setting up your new machine by configuring Discovery and Provisioning scheduling.

For existing machines: