jasonsig
New Member
June 19, 2014
Question

Howto - create windows CA and export

Hi, does forti have any documentation regarding creating a certificate from a Windows CA and exporting it onto the FortiGate? jason

    6 replies

    Bromont_FTNT
    Staff
    June 19, 2014
    Getting a signing certificate signed by your Domain Controller is out of scope for Fortinet documentation, although you may find some websites with some instructions. Have you attempted getting a cert from your Windows server yet?
    jasonsig
    Author
    New Member
    June 19, 2014
    Yes. I just backed up the root CA (including the key). Note that this was in PFX (.p12). Then I had to convert it to PEM using openssl. After converting you would get a key file and a PEM certificate. Then on the FortiGate under certificates use the local (type certificate) and import the cert and the key. jason
    Bromont_FTNT
    Staff
    June 19, 2014
    For deep SSL inspection you'll need a new signing certificate that is itself signed by that root CA so domain member workstations will trust the connection when it does SSL inspection. You can create the certificate request (CSR) on the FortiGate, then download it, get it signed by the DC root CA and import it back into the FortiGate. You'll need to use a template on the DC that creates a signing cert such as SubCA.
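
A pre-import check for the signed certificate described in the reply above, as an added example that is not part of the thread or of Fortinet's documentation. It uses openssl to confirm that the file returned by the CA chains to the root, is a subordinate certificate rather than the root itself, and is a CA certificate. The function names, file names and the demo PKI are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Pre-import check for an SSL-inspection
# signing certificate. All file names below are placeholders.

# check_signing_cert ROOT_PEM CERT_PEM
# Passes only if CERT chains to ROOT, is not ROOT itself, and is a CA cert.
check_signing_cert() {
  root="$1"; cert="$2"
  # 1. The signed cert must chain to the domain root the workstations trust.
  openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1 ||
    { echo "fail: does not chain to root"; return 1; }
  # 2. It must be a separate subordinate cert, not the root CA itself.
  if [ "$(openssl x509 -in "$root" -noout -fingerprint -sha256)" = \
       "$(openssl x509 -in "$cert" -noout -fingerprint -sha256)" ]; then
    echo "fail: this is the root CA certificate"; return 1
  fi
  # 3. Basic Constraints must be CA:TRUE, which a SubCA-style template sets.
  text=$(openssl x509 -in "$cert" -noout -text)
  echo "$text" | grep -q 'CA:TRUE' ||
    { echo "fail: not a CA certificate (check the template)"; return 1; }
  # 4. If Key Usage is present it must allow certificate signing.
  if echo "$text" | grep -q 'X509v3 Key Usage'; then
    echo "$text" | grep -q 'Certificate Sign' ||
      { echo "fail: key usage lacks Certificate Sign"; return 1; }
  fi
  echo "ok: subordinate CA certificate"
}

# Constructed test PKI standing in for the Windows CA and the FortiGate CSR.
make_demo_pki() {
  d="$1"
  printf '%s\n' '[subca]' 'basicConstraints=critical,CA:TRUE,pathlen:0' \
    'keyUsage=critical,keyCertSign,cRLSign' '[leaf]' \
    'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' > "$d/ext.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -days 30 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for kind in subca leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$kind" \
      -keyout "$d/$kind.key" -out "$d/$kind.csr" 2>/dev/null
    openssl x509 -req -in "$d/$kind.csr" -CA "$d/root.pem" \
      -CAkey "$d/root.key" -CAcreateserial -days 30 -extfile "$d/ext.cnf" \
      -extensions "$kind" -out "$d/$kind.pem" 2>/dev/null
  done
}

# Direct use: sh check.sh root.pem signed.pem
if [ "$#" -eq 2 ]; then check_signing_cert "$1" "$2"; fi
```

A certificate issued from a non-CA template fails step 3, and a copy of the root certificate fails step 2.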
    jasonsig
    Author
    New Member
    June 19, 2014
    Great. Would you have any instructions? jason
    Bromont_FTNT
    Staff
    June 19, 2014
    Here's a link to some instructions on getting certificate services and web enrolment installed. https://stuff.purdon.ca/?page_id=163
    pcraponi
    New Member
    June 22, 2014
    http://docs-legacy.fortinet.com/fgt/sysadmin/fortios_certificate_management.pdf