
Configuring FortiWeb

FortiWeb must be explicitly configured to use an HSM for cryptographic operations. This is done through the CLI by enabling HSM support and specifying the manufacturer. Without this step, FortiWeb will not recognize the HSM for certificate storage and cryptographic functions.

1. Specifying Primus HSM

Set the policy with the following commands:

config server-policy setting
set hsm enable
set hsm-manufacturer primus
end

Once HSM support is successfully enabled, the Securosys Primus HSM page becomes accessible in the GUI, and the CLI command config system nethsm becomes available for configuration.

2. Upload the HSM Configuration File

After a successful configuration of the PKCS#11 Provider, you should have your configuration and security files available. FortiWeb uses these credentials to authenticate with the HSM.

In FortiWeb, navigate to System > Config > Securosys Primus HSM. Upload the Primus HSM configuration file; FortiWeb reads the configuration and displays a breakdown of the partition. Then configure the partition settings according to the FortiWeb administration guide, Configure the HSM in FortiWeb.

Select Status Enable to activate the HSM integration. Select OK to apply the configuration.

FortiWeb validates the configuration before you can begin performing cryptographic operations using your partition.

3. Using the Primus HSM on FortiWeb

For a detailed breakdown of uses of FortiWeb with Primus HSM, please visit

4. Disabling Primus HSM Configuration

Before disabling the Primus HSM configuration, you must remove all associated HSM-dependent configurations, including local certificates and CSRs of the Primus HSM type. After clearing these dependencies, you can modify or delete the HSM partition.

Tip: For more information, including Monitoring and Troubleshooting FortiWeb, please visit the Fortinet documentation page.