harith7
New Member
November 14, 2017
Question

FortiGate : SSL Certification Private Key Export


Hello Everyone,

This is probably a common issue, but it's kind of urgent.

I configured a CSR from FortiGate to purchase an SSL Certificate.

All good so far, I managed to install the certificate. But I want to use it in other servers, so I need the private key.

Through the CLI, I found the private key but it's encrypted. The command "unset password" apparently doesn't work in the 5.4 FortiOS.

What are my options? Can I export the certificate/key in another FortiGate (4.0?) and try to unset the password? Any other solution?

Thanks

1 reply

emnoc
New Member
November 14, 2017

You need to use the show full command

cli

show full config vpn cert local

It should show the certificate in PEM format and the KEY. Just copy out the cert+key and use openssl to check the modulus if you want to be sure it's correct

e.g.

openssl x509 -in <certfile> -noout -modulus | openssl md5

openssl rsa -in <privkeyfile> -noout -modulus | openssl md5

You could also use sha1

openssl x509 -in <certfile> -noout -modulus | openssl sha1

openssl rsa -in <privkeyfile> -noout -modulus | openssl sha1

If the values match, then cert+key are a matching pair. If you want to build a pfx

openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out mynew.pfx

;)

Ken
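Added example, not part of the reply above or of any Fortinet tooling: the same cert/key pairing check written as a script that compares public keys instead of the RSA modulus, so it also covers non-RSA keys, and that recognises a key stored as "ENCRYPTED PRIVATE KEY" and asks for a passphrase through a return code rather than a prompt. The file names, the KEY_PASS variable and the sample material it generates are assumptions constructed for this sketch.

```bash
# Constructed example; file names and the KEY_PASS variable are assumptions.

# SHA-256 of the public key inside a PEM certificate.
cert_pub_digest() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a PEM private key. Returns 2 when the key
# is encrypted and KEY_PASS is empty (no prompt), 1 when it cannot be read.
key_pub_digest() {
    local pub
    if grep -q 'ENCRYPTED' "$1"; then   # PKCS#8 or legacy encrypted PEM header
        [ -n "${KEY_PASS:-}" ] || return 2
        pub=$(KEY_PASS="$KEY_PASS" openssl pkey -in "$1" -pubout -passin env:KEY_PASS 2>/dev/null) || return 1
    else
        pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    fi
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = cert and key match, 1 = mismatch or unreadable, 2 = passphrase needed.
cert_key_match() {
    local c k
    c=$(cert_pub_digest "$1") || return 1
    k=$(key_pub_digest "$2") || return $?
    [ "$c" = "$k" ]
}

# Constructed samples: self-signed cert, its key in clear and encrypted, an unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs8 -topk8 -in "$1/key.pem" -out "$1/key.enc.pem" -passout pass:constructed-pass &&
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null
}

if [ "$#" -ge 2 ]; then                 # usage: KEY_PASS=... sh check.sh cert.pem key.pem
    rc=0; cert_key_match "$1" "$2" || rc=$?
    echo "rc=$rc"
else                                    # no arguments: run on constructed samples
    d=$(mktemp -d) && make_samples "$d"
    for f in key.pem key.enc.pem other.pem; do
        rc=0; KEY_PASS=constructed-pass cert_key_match "$d/cert.pem" "$d/$f" || rc=$?
        echo "$f rc=$rc"
    done
    rm -rf "$d"
fi
```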

harith7 (Author)
New Member
November 14, 2017

Thanks for your reply.

When I show the full-conf vpn cert local, I got this (it's not the full syntax, just the preview):

edit "portail alamana"
        set password ENC K1GqerTVAukDMIEgsSEYsjD59ziQU766Jue4Em9J7tVWFRh5+CbfA.....
        set comments ''
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIlsbBHVI02KACAggA
MBQGCCqGSIb3DQMHBAjvMDKXJmmMEQSCBMhQ0P7hOK2McnBExDGrIJiHdBgfCa6h
dHNKDJUeMIT9nVirYq5+56Nr64SXigPOJIaxEsOaFD05TuJouFWhtmWGqmAI8y8Y
u1dQy9r+8+wrzJs5yrtqupuwMj9/MWtZQSdHTyoDD/DJIT7537vUXAUryZUDnpms
VhLwrQJWixD/piKWoeDWpT6u79lHHRh8kmN3qiaEK8+cYQ15jOCi9/AmOWPAzieJ
--More--          0MyurtJMGGjNuD+/9zkAcwKMI

The private key is apparently encrypted. Will it work with OpenSSL? Even without the decrypted password?

jdecker91
New Member
July 10, 2019

Hello,

I'm curious if you had ever found a solution to this? I am running into the same issue when trying to unset the password running FortiOS 6.0.5.