Certificate Authority (CA) Certificates are commonly employed to verify the authenticity of third-party devices, ensuring their claimed identity. This practice also applies to FortiGate, as CA Certificates are utilized for tasks like Site-to-Site VPN, establishing secure LDAP connections to Active Directory Servers, and user authentication. In some cases, these certificates are not endorsed by a Public Certificate Authorities (CA) such as GoDaddy, DigiCert, or Let’s Encrypt. Instead, they are signed by an internal or self-hosted Certificate Authority (CA) due to their intended internal use. It is important to note that FortiGate anticipates CA certificates to be in the .cer format. However, some third-party CAs might not provide certificates in this format.

For the utilization of .cer file extensions on FortiGate, it is possible to seamlessly convert them from .crt extensions by following these steps:

Double-click on the <yourcert>.crt file to open it in the certificate display.

1. Select the Details tab, then select the 'Copy to File' button.

2. Select 'Next' in the certificate wizard.

3. Choose 'Base-64 encoded X.509 (.CER)', then select 'Next' again.
   
   

4. Next, browse to where the file is to be stored and enter the filename to give the file.
   
   

5. Finally, save the file.

To import the CA certificate through the GUI:

1. Navigate to System -> Certificates and choose Create/Import -> CA Certificate.
2. Select the 'File' type to directly upload the CA certificate file from the management computer.

3. Select 'OK'.

Related articles:

• Technical Tip: Fixing the error 'Certificate file is duplicated for CA/LOCAL/REMOTE/CRL cert'.
• CA certificate - FortiGate administration guide.