Description | This article describes how to check if a certificate and key belong to a CSR. |
Scope | FortiGate versions 6.X, 7.X. |
Solution |
In this example, the CSR is created on the FortiGate, and it is signed manually by a 3rd party.
Debug will show the following error:
# diag debug reset
One possible cause is a certificate that does not match the CSR. To check, compute the MD5 digest of the modulus of each file and compare the results: the certificate belongs to the CSR only if both digests are identical.
Mismatching cert and CSR example:
User@123:~$ openssl x509 -noout -modulus -in /mnt/c/User/lab/cert.cer | openssl md5
User@123:~$ openssl req -noout -modulus -in /mnt/c/User/lab/csr.csr | openssl md5
Matching cert and CSR example:
User@123:~$ openssl x509 -noout -modulus -in /mnt/c/User/lab/1cert_upload_test.local.cer | openssl md5
User@123:~$ openssl req -noout -modulus -in /mnt/c/User/lab/1cert_upload_test.local.csr | openssl md5
To check a private key, use the following command and compare its digest with the certificate and CSR digests:
openssl rsa -noout -modulus -in <pathtothekey> | openssl md5 |
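The three checks above combined into one script, as an added example that is not part of the original article. The function names, file names and CN values are assumptions made for the demo, and self-signed certificates stand in for the certificate signed by the 3rd party. It also rejects files that fail to parse, since an empty modulus would otherwise produce the same digest for every file.

```sh
#!/bin/sh
# Added example; file names and CN values are constructed for the demo.

# modulus_digest TYPE FILE: TYPE is x509 (certificate), req (CSR) or rsa (key).
# Fails when the file cannot be parsed: otherwise every unreadable file would
# hash the same empty input and look like a "match".
modulus_digest() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl md5 | awk '{print $NF}'
}

# same_keypair CERT CSR KEY: 0 = all three share one modulus,
# 1 = mismatch, 2 = a file could not be read.
same_keypair() {
    c=$(modulus_digest x509 "$1") || return 2
    r=$(modulus_digest req "$2") || return 2
    k=$(modulus_digest rsa "$3") || return 2
    [ "$c" = "$r" ] && [ "$r" = "$k" ]
}

# make_demo: builds key/CSR/cert "a" from one RSA key and cert "b" from
# another, then prints the temporary directory holding them.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=a.test.local" \
        -keyout "$d/a.key" -out "$d/a.cer" 2>/dev/null || return 1
    openssl req -new -key "$d/a.key" -subj "/CN=a.test.local" \
        -out "$d/a.csr" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=b.test.local" \
        -keyout "$d/b.key" -out "$d/b.cer" 2>/dev/null || return 1
    printf '%s\n' "$d"
}

demo=$(make_demo) || exit 1
for cert in a.cer b.cer; do
    if same_keypair "$demo/$cert" "$demo/a.csr" "$demo/a.key"; then
        echo "$cert: matches a.csr and a.key"
    else
        echo "$cert: does NOT match a.csr and a.key"
    fi
done
rm -rf "$demo"
```

The modulus comparison applies to RSA keys only, as in the commands above.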
Copyright 2024 Fortinet, Inc. All Rights Reserved.