6. Import files to the keystore using the alias “tomcat”
Type
ImportCertificateWithKey -alias tomcat -cas <CA-Bundle> -key <Private-Key> -cert <Leaf-Certificate> -keystore /bsc/campusMgr/.keystore -v -force -import -storepass ^8Bradford%23
Example
ImportCertificateWithKey -alias tomcat -cas server.ca-bundle -key server.key -cert server.crt -keystore /bsc/campusMgr/.keystore -v -force -import -storepass ^8Bradford%23
"Successfully imported key and certificate chain" will display.
7. Activate Certificate by restarting the tomcat-admin service. Type
service tomcat-admin restart
8. Validate certificate is active. Browse to the Administration UI
https://<FortiNAC hostname secured by certificate>:8443
Examine the certificate details in the browser (using the security lock icon or whichever
method that browser offers). Important: ensure the name used in the URL is the one
specified in the certificate. If the connection is not shown as secure, verify that all
intermediate and root certificates were included in server.ca-bundle (see KB article
Identify missing SSL certificates via administration UI). If unexpected behavior occurs,
see Troubleshooting.
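The checks that step 8 relies on can be run against the files before the import in step 6. The script below is an added example, not part of the original guide: it confirms that the private key belongs to the leaf certificate, that the leaf verifies against server.ca-bundle, and that the certificate covers the hostname used in the URL. The function names and the sample hostname are assumptions, and it needs the standard openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example: checks on the files handed to ImportCertificateWithKey.
# Function names are hypothetical; only standard openssl subcommands are used.

# The private key and the leaf certificate must carry the same public key.
key_matches_cert() {        # usage: key_matches_cert server.key server.crt
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# The leaf must chain to a self-signed root through the bundle's certificates.
# openssl verify rejects partial chains by default, so a missing intermediate
# fails here; a missing root fails too unless the host's default trust
# directory happens to supply it.
chain_is_complete() {       # usage: chain_is_complete server.ca-bundle server.crt
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The name typed in the browser must be covered by the certificate.
# -checkhost reports the result as text, so match on its output.
cert_covers_host() {        # usage: cert_covers_host server.crt <hostname>
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

preflight() {               # usage: preflight <key> <cert> <bundle> <hostname>
  local rc=0
  key_matches_cert "$1" "$2" || { echo "FAIL: $1 is not the key for $2" >&2; rc=1; }
  chain_is_complete "$3" "$2" || { echo "FAIL: $2 does not verify against $3" >&2; rc=1; }
  cert_covers_host "$2" "$4" || { echo "FAIL: $2 does not cover $4" >&2; rc=1; }
  return "$rc"
}

# Run only when called with all four arguments, e.g.
#   ./preflight.sh server.key server.crt server.ca-bundle nac.example.test
# (nac.example.test is a constructed hostname).
if [ "$#" -eq 4 ]; then
  preflight "$@"
fi
```

A non-zero exit status means at least one check failed; the FAIL lines on standard error name the file involved.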
Agent and Captive Portal
1. Log into the Application Server as root. Copy the key, leaf certificate and bundle files to
/bsc/siteConfiguration/apache_ssl
Note: If the same certificate files are used for the Admin UI, these files (server.key,
server.crt and server.ca-bundle) can be copied from the Control Server. If using these files,
proceed to step 5.
2. If several intermediate certificate files are received (as opposed to a single CA bundle), the
files should be merged into a bundle. Complete the steps in KB article Create SSL
Certificate Bundle with Files Returned from Certificate Authority.
3. Verify Private Key is in RSA format. Review the private key file using a text editor.
Alternatively, if in Linux, the file can be viewed by running the command:
cat <filename>
Header should look like this: -----BEGIN RSA PRIVATE KEY-----
If Key Header looks like this: -----BEGIN PRIVATE KEY-----