Quint021
Staff
Article Id 357263
Description This article describes how to reimport and utilize a local certificate when encountering errors with applying a new local certificate to Administration Settings.
Scope FortiGate v7.6, v7.4.
Solution

After generating a Certificate Signing Request (CSR) on the FortiGate and importing the associated certificate via the GUI process below, the error shown in the screenshot below may be observed.

How to upload the certificate: System -> Certificates -> Import -> Local Certificate -> Upload certificate with the .cer format.

Error Observed:

 GUI_Error.PNG

Although this error occurs, the certificate is still created and visible from the GUI -> System -> Certificates [Local Certificates].

However, if the certificate cannot be utilized (i.e., it does not show up as an option):

Certificate_not_visible.PNG


Apply the following steps:

  1.  Navigate to the CLI and run the following commands: 


config vpn certificate local
    edit <name_of_cert>
    show full 

 

  2. Copy all of the contents after the 'show full' command as highlighted and paste it into a text file.


Adjusted.PNG

 

  3. Once pasted, edit the file by removing the following lines:


"set range global"
"set source user"

 

  4. Once completed, proceed to the GUI -> System -> Certificates [Local Certificates], select the newly created certificate in Step 1, and delete it.
  5. Once the certificate is removed, navigate to the CLI and paste the content of the text file from Steps 2-3. Once completed, verify the certificate was created from the GUI -> System -> Certificates [Local Certificates].
  6. Verify the certificate is usable.

 

In the list from the screenshot in Step 1, verify the certificate is an option. Alternatively, via the CLI, issue the following commands:


config system global
     set admin-server-cert ? <----- The certificate should be visible as an option.
     end 


 
Adjs.PNG
If the issue persists, engage TAC for further assistance.
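
A pre-check for the text file from Steps 2-3, as an added example that is not part of the original article: it removes the two lines and confirms the private-key and certificate PEM blocks were copied in full before the certificate is deleted in Step 4. The `show full` layout in `SAMPLE` is constructed, `prepare_reimport` and `example_cert` are hypothetical names, and the check assumes the output carries both blocks in PEM form.

```python
import re

# The two settings the article says to remove before pasting the config back.
DROP = {"set range global", "set source user"}
PEM_MARK = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def prepare_reimport(show_full_text):
    """Return (cleaned_text, removed_settings); raise ValueError on a truncated copy."""
    kept, removed = [], []
    for line in show_full_text.splitlines():
        if line.strip() in DROP:
            removed.append(line.strip())
        else:
            kept.append(line)
    cleaned = "\n".join(kept) + "\n"
    # Each BEGIN marker must be closed by its matching END marker; a copy cut
    # short in the terminal would lose the key once the original is deleted.
    open_label, complete = None, []
    for kind, label in PEM_MARK.findall(cleaned):
        if kind == "BEGIN" and open_label is None:
            open_label = label
        elif kind == "END" and label == open_label:
            complete.append(label)
            open_label = None
        else:
            raise ValueError(f"unexpected PEM marker: {kind} {label}")
    if open_label is not None:
        raise ValueError(f"PEM block not terminated: {open_label}")
    for needed in ("PRIVATE KEY", "CERTIFICATE"):
        if not any(lbl.endswith(needed) for lbl in complete):
            raise ValueError(f"no complete {needed} block in the saved text")
    return cleaned, removed

# Constructed sample (assumed layout, not real key material); "example_cert" is hypothetical.
SAMPLE = '''config vpn certificate local
    edit "example_cert"
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLUNFUlQ=
-----END CERTIFICATE-----"
        set range global
        set source user
    next
end
'''

if __name__ == "__main__":
    text, dropped = prepare_reimport(SAMPLE)
    print("removed:", dropped)
```

The saved text holds the certificate's private-key block, so keep the file access-restricted and remove it once Step 6 succeeds.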