Description: This article describes how to export SSL certificates from one FortiGate to a different FortiGate.
Scope: FortiGate v7.4.0 and above. Not supported in versions lower than FortiOS 7.4.0.
Solution:
In this example, the SSL certificate from FortiGate A will be imported to another FortiGate B. This solution is helpful in scenarios where the firewall administrator does not have a backup or copy of the certificate files or the previous firewall administrator has resigned.
This procedure can be done only through the Command Line Interface (CLI). When a certificate is exported or downloaded from the GUI, only the public key is exported, not the private key. It is necessary to use the CLI to extract both the private and public keys.
On FortiGate A:
FortiGate-A # conf vpn certificate local
FortiGate-A (local) # edit "certificate"     <----- Name of certificate.
FortiGate-A (certificate) # sh full-configuration
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
end
Copy the configuration, then access FortiGate B.
On FortiGate B:
Paste the configuration taken from FortiGate A to FortiGate B:
After running the above CLI commands, the certificate should be imported on FortiGate B.
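A check to run on the text copied from FortiGate A before pasting it into FortiGate B, as an added example that is not part of the original article or Fortinet's own code. It assumes the output carries the key and certificate as quoted PEM blocks under set private-key and set certificate; the sample text and its key bytes are constructed.

```python
import base64
import re

def _pem(label, raw):
    # Build a PEM-shaped block from dummy bytes (constructed, not a real key).
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

# Constructed sample; the set private-key / set certificate layout is assumed.
SAMPLE = (
    'config vpn certificate local\n'
    '    edit "certificate"\n'
    f'        set private-key "{_pem("ENCRYPTED PRIVATE KEY", bytes(range(200)))}"\n'
    f'        set certificate "{_pem("CERTIFICATE", bytes(range(150)))}"\n'
    '    next\n'
    'end\n'
)

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def check_copied_config(text):
    """Return a list of problems found in a copied certificate config block."""
    problems = []
    if "--More--" in text:
        problems.append("pager residue (--More--) in copied text")
    labels = []
    for label, body in PEM_RE.findall(text):
        labels.append(label)
        try:
            # Terminal wrapping or truncation shows up as invalid base64.
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label} block is not valid base64")
    if text.count("-----BEGIN ") != len(labels):
        problems.append("a PEM block has no matching END line")
    if not any("PRIVATE KEY" in name for name in labels):
        problems.append("no private key block: only the public certificate was copied")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block")
    if not text.rstrip().endswith("end"):
        problems.append("closing 'end' missing")
    return problems

if __name__ == "__main__":
    print(check_copied_config(SAMPLE) or "copied block looks complete")
```

The copied text contains the private key, so a saved copy of it needs the same handling as any other key file.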
Related documents: Technical Tip: FortiGate HTTPS/SSL Certificate Installation (PFX, PKCS12 and PEM)
Copyright 2025 Fortinet, Inc. All Rights Reserved.