FortiClient EMS only accepts SSL cert in .pfx format. This article describes how to convert SSL cert to .pfx format so that it can be uploaded to EMS.

In this example, let's say an SSL cert from Zero is purchased:

https://zerossl.com/

Zero will provide 3 items in a zip file: 

• ca_bundle.crt
• certificate.crt
• private-key.key

With these 3 items, it is possible to export a .pfx file using OpenSSL:

1. Download and install OpenSSL. Refer to: https://stackoverflow.com/questions/50625283/how-to-install-openssl-in-windows-10
2. In the CMD, navigate to the folder where the 3 items are located.

Example:

cd C:\Users\username\Desktop\cert-folder

3. Run the below command:

4. Enter the password chosen.
5. Enter the password once again for validation.
6. Once done, new-pfx-cert.pfx will be created in the same folder.
7. Go to EMS -> System Settings -> SSL certificate -> Upload.
8. Upload new-pfx.cert.pfx to EMS, and enter the password in 4), save the change.
9. EMS Apache service will restart, and EMS is now using the trusted cert.

• The red circle shows the files from Zero.
• The green circle is the output of the OpenSSL command.