Description
The FortiGate GUI offers three formats for importing a new certificate:
- Local Certificate: requires a CER file. This option is for a signed certificate returned for a CSR that was generated on the FortiGate itself, so the private key is already on the unit.
- PKCS12 (PKCS7 is listed alongside it): a password-protected bundle that carries the certificate and its private key together; the password is required at import.
- Certificate: requires the certificate file, the key file and the key's password (if the key is encrypted).
Another method, described below, is importing a 'PEM' file from the CLI.
A single PEM file can carry both the 'Private Key' and the 'Certificate', each in its own BEGIN/END block.
Scope
FortiGate.
Solution
The blocks of a PEM file can be imported through CLI commands as follows.
1 - Open the "PEM" file in any text editor, for example Notepad. The file should look like this (the header may also read "BEGIN RSA PRIVATE KEY" for a PKCS#1 key):
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmE..............
......................................................................................
SPIXQuT8RMPDVNQ=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICVDCCAb2gAwIBAgIJANfHOBkZr8JOMA0GC...........
......................................................................................
CRlNBAAlvhKzO7Clpf9l0YKBEfraJByX
-----END CERTIFICATE-----
2 - Access the FortiGate CLI through SSH (telnet also works but would send the private key over the network in clear text) and enter the local certificate table:
config vpn certificate local
edit <name>
3 - Copy the "Private key" section, from the BEGIN line through the END line inclusive.
4 - Type "set private-key" followed by an opening single or double quote, paste the private key, close the quote and hit "Enter". The CLI shows a ">" prompt for each continuation line:
set private-key "-----BEGIN PRIVATE KEY-----
> MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANtb0+YrKuxevGpm
.....................................................................................................................................
> SPIXQuT8RMPDVNQ=
> -----END PRIVATE KEY-----"
5 - Copy the "Certificate" section, from the BEGIN line through the END line inclusive.
6 - Type "set certificate" followed by an opening single or double quote, paste the certificate, close the quote and hit "Enter".
set certificate "-----BEGIN CERTIFICATE-----
> MIICVDCCAb2gAwIBAgIJANfHOBkZr8JOMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
.....................................................................................................................................
> CRlNBAAlvhKzO7Clpf9l0YKBEfraJByX
> -----END CERTIFICATE-----"
7 - Type "end" to save the changes. If the CLI returns to the prompt without any message, the certificate has been imported successfully; it can be confirmed with "show vpn certificate local" or under the certificate list in the GUI.
An error that can appear while pasting:
GCI-FW-40F (GCI_VPN) # set private-key "-----BEGIN CERTIFICATE-----
> MIIEqjCCA5KgAwIBAgIUZbU+yqRnfS/doWODQ/3VtwyMidowDQYJKoZIhvcNAQEL
> BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
> MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
> aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybml
.....................................................................................................................................
....................................................................................................................................
....................................................................................................................................
> Sxkm1r3GX5OlVa1jhOrdxi5lQ2rFC2t5xK1pubeWg/XMdsP4K7iD3Jf2mLIhUA==
> -----END CERTIFICATE-----"
Invalid private key, password may be required
This error has two common causes. In the session above the text pasted into "set private-key" is the CERTIFICATE block rather than the key block, so the FortiGate cannot parse it as a key. The other cause is a password-protected key: a block labelled "ENCRYPTED PRIVATE KEY", or a PKCS#1 key with a "Proc-Type: 4,ENCRYPTED" header under the BEGIN line. Either decrypt the key before pasting (for example with "openssl pkey -in encrypted.key -out plain.key", deleting the plain copy once the import is done) or import the file through the GUI "Certificate" option, which accepts the key's password. If the matching key is no longer available, obtain a new key and certificate from the certificate authority that issued them and re-import both.
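The seven-step procedure above and the error case are both easy to get wrong by hand: the wrong block gets pasted, or an encrypted key is pasted as-is. The following script is an added example, not code from the Fortinet article or from FortiOS. It splits a PEM file into its blocks, refuses an encrypted key before anything reaches the FortiGate, checks that each block decodes to ASN.1, and prints the exact "config vpn certificate local" commands to paste into the CLI. The function names, the certificate name "web_cert" and the embedded sample bytes are assumptions made for this example; the sample is constructed filler, not a real key or certificate.

```python
"""Split a PEM bundle into the blocks FortiGate's `config vpn certificate
local` expects and emit the CLI commands.

Added example, not code from the Fortinet article. It assumes an unencrypted
PKCS#8 ("BEGIN PRIVATE KEY"), PKCS#1 ("BEGIN RSA PRIVATE KEY") or EC key;
an encrypted key is refused up front, because that is the input that makes
FortiOS answer "Invalid private key, password may be required".
"""
import base64
import re

# One PEM block: armour lines, label captured so BEGIN and END must agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def parse_pem(text):
    """Return [(label, block_text)] for every block, refusing encrypted keys."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        # PKCS#8 encrypted keys change the label; PKCS#1 ones keep the label
        # and add a Proc-Type header inside the armour.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            raise ValueError(
                f"{label} is password-protected; decrypt it before import")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:
            raise ValueError(f"{label} does not decode to an ASN.1 SEQUENCE")
        blocks.append((label, m.group(0)))
    if not blocks:
        raise ValueError("no PEM blocks found")
    return blocks


def fortios_script(name, pem_text):
    """Build the `config vpn certificate local` commands for one key + cert."""
    blocks = parse_pem(pem_text)
    keys = [b for label, b in blocks if label in KEY_LABELS]
    certs = [b for label, b in blocks if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError(f"expected one private key block, found {len(keys)}")
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    # Blocks go in by label, so the certificate can never land in private-key.
    # The first CERTIFICATE is the leaf; any chain certificates after it belong
    # to `config vpn certificate ca` and are deliberately not emitted here.
    return "\n".join([
        "config vpn certificate local",
        f"edit {name}",
        f'set private-key "{keys[0]}"',
        f'set certificate "{certs[0]}"',
        "end",
        "",
    ])


def pem_block(label, der):
    """Armour raw DER bytes as one PEM block (used to build the sample)."""
    body = base64.encodebytes(der).decode()   # 76-column lines, ends with \n
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed stand-ins: a bare DER SEQUENCE wrapping filler bytes. They are
# NOT a real key or certificate; real input is the file from the CA/openssl.
SAMPLE_KEY_DER = b"\x30\x10" + b"constructed-key!"    # 16 bytes of filler
SAMPLE_CERT_DER = b"\x30\x11" + b"constructed-cert!"  # 17 bytes of filler
SAMPLE_PEM = (pem_block("PRIVATE KEY", SAMPLE_KEY_DER)
              + pem_block("CERTIFICATE", SAMPLE_CERT_DER))
# Same bundle with the key labelled as encrypted, to exercise the refusal path.
SAMPLE_ENCRYPTED_PEM = (pem_block("ENCRYPTED PRIVATE KEY", SAMPLE_KEY_DER)
                        + pem_block("CERTIFICATE", SAMPLE_CERT_DER))

if __name__ == "__main__":
    print(fortios_script("web_cert", SAMPLE_PEM))
```

Run it against the real PEM file (replace SAMPLE_PEM with the file's contents) and paste its output into the SSH session; the multi-line quoted strings are exactly what steps 4 and 6 above type by hand. Because blocks are selected by their BEGIN label, the mix-up shown in the error session cannot happen, and an encrypted key is reported on the workstation instead of as "Invalid private key" on the firewall.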