Skip to main content
raverz1tildawn
raverz1tildawn
New Member
June 22, 2020
Question

Fortigate 90D - 6.0.2 - FORTINET_FACTORY Cert SHA1

  • June 22, 2020
  • 2 replies
  • 3424 views

Good morning everyone,

        I have been reading everything that i possibly can to try and figure this out and i just cannot seem to get a straight answer.  On our Fortigate 90D the FORTINET_FACTORY Cert is SHA1 signed and needs to be upgraded to SHA256.  What is the correct way to update the FORTINET_FACTORY cert to SHA256?  I know that I can generate the CSR request on the Fortigate but does that create the request local for that device from the Fortinet CA?  Or do you have to use OPENSSL?  Any information is greatly appreciated.

    2 replies

    lobstercreed
    lobstercreed
    New Member
    June 23, 2020

    I'm not sure what problem you're trying to solve but I don't think what you're asking is possible.  You'll need to get a signed cert from a valid CA if you want something other than what is loaded from the factory (as you should).

    MikePruett
    MikePruett
    New Member
    June 23, 2020

    I would create a new certificate using your own server that meets your needs and just load it into the FortiGate.

    emnoc
    emnoc
    New Member
    June 23, 2020

    You have a few options. 

     

    1> generate a new CSR (  openssl or certmanger )

    2> upgrade the fortios ( and yes if your running 6.0.2 ....I would upgrade )

    3> import your cert+key that's already done at sha2 family algo

     

     

    Ken Felix

     

    Terms & ConditionsAccessibility statement