Technical Tip: How to export a local certificate with a private key
Description
This article describes how to export a local certificate with a private key from the FortiGate.
Scope
This KB is no longer applicable in modern firmware versions. The process below has not been available since version 6.0 (private key passwords are not recoverable).
Solution
1. Download the local certificate from the GUI: System > Certificates > Local Certificates.
2. To retrieve the private key, connect to the CLI and export the private key:
    config vpn certificate local
    edit <cert_name>
    unset password
    set password mysecret    <--- enter the password to protect the private key
3. From the CLI output, copy the string found between the two double quotes ("") of the "set private-key" command.
4. Create a file with the copied string. The private key should look similar to the following:

    -----BEGIN RSA PRIVATE KEY-----
    qCy4PjkA5pU5lBW9kYQj0LVgtq6ROy32x11XQpXTQY0IhjMw0Tgh5nFu+CLW6z3S
5. Use the private key and the corresponding certificate in any Fortinet device requiring the certificate.
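A sanity check for the file created in step 4, as an added example that is not part of the original article: it verifies the PEM framing of the pasted string, reports whether the key is password-protected, and flags copy errors such as a stray double quote or a missing END line. The function name `inspect_pem_key` and the sample data are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END ([A-Z0-9 ]+)-----", re.DOTALL)

def inspect_pem_key(text):
    """Return (label, encrypted, problems) for a pasted private-key string."""
    problems = []
    text = text.replace("\r\n", "\n").strip()
    if text.startswith('"') or text.endswith('"'):
        problems.append("double quote copied along with the key")
        text = text.strip('"').strip()
    m = PEM_RE.search(text)
    if not m:
        return None, False, problems + ["no complete BEGIN/END block"]
    label, inner, end_label = m.groups()
    if label != end_label:
        problems.append("BEGIN and END labels differ")
    if "PRIVATE KEY" not in label:
        problems.append("not a private key block: " + label)
    # Traditional OpenSSL PEM puts RFC 1421 headers before a blank line.
    headers, sep, body = inner.partition("\n\n")
    if not sep or ":" not in headers:
        headers, body = "", inner
    encrypted = "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in headers
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        der = b""
    if not der:
        problems.append("body is empty or not valid base64")
    elif not headers and der[0] != 0x30:
        problems.append("decoded body does not start with a DER SEQUENCE")
    return label, encrypted, problems

# Constructed sample data: placeholder bytes, not a real key.
_B64 = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(60))).decode()
SAMPLE_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\n"
                    "Proc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    + _B64 + "-----END RSA PRIVATE KEY-----\n")
# Same paste with the opening quote kept and the END line lost.
SAMPLE_TRUNCATED = '"' + SAMPLE_ENCRYPTED.split("-----END")[0]

if __name__ == "__main__":
    for name in ("SAMPLE_ENCRYPTED", "SAMPLE_TRUNCATED"):
        print(name, inspect_pem_key(globals()[name]))
```

A key that reports `encrypted` as false is stored without password protection and should be handled accordingly before it is moved to another device.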