-----BEGIN CERTIFICATE REQUEST-----
MIIC5jCCAc4CAQAweDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVN0YXRlMQ0wCwYD
VQQHEwRDaXR5MQwwCgYDVQQKEwNPUkcxCzAJBgNVBAsTAk9VMRAwDgYDVQQDEwcx
…
5yN/0aRPjUbSxKczkQxQfw7gvQPjieI1IRIk9TduYj/ic0DO1ch5Yau7+hEusR5a
7cSFo9S94oT6ZHFq22noaBF86l5VKArARqc=
-----END CERTIFICATE REQUEST-----
5) When the certificate is issued by the root CA make sure to download it in Base64 format.
# config vpn certificate local
edit [certificate_name]
show full
11) After the commands from the previous step are run, FortiGate displays the encrypted private key and the public certificate.
# config vpn certificate local
edit "new-certificate"
set password ENC "xbhxFaf5XBhM8swWpprSCYI6SLBe3/AMOn/Mj7xatDqFENQXjjXPmD2VXYuYN6zks3O36ECCkxX2ksQkEoyBPke9fV0rT08or7vtfB9tlN8fWA5SWJ5J9GsKBLk9WdWpDDwVsio7CaVYx24hX2/98jFNkCgQ90PDz8M6CX9ZboQHLemJgX0h88P5EsVrPhaVqT/PEw="
set comments ''
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgU1YXilYKBW2gag
…
g5vtXWbV3vM8mWMAou4qAR6X/k+5usIqYzqB67wFEMXsYkQ8vb0
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIID2jCCAsKgAwIBAgIEVC8u3jANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMC
…
WY1CW4nQSamY6of2lmQbjfUKNtuyS56Y3MhhfokI0IPPtEsrVpLu89VHyiCQMKpzRu
-----END CERTIFICATE-----"
set range global
set source user
set source-ip 0.0.0.0
set ike-localid-type asn1dn
set enroll-protocol none
next
end
13) From this output, copy the text between and including:
"-----BEGIN ENCRYPTED PRIVATE KEY-----" AND "-----END ENCRYPTED PRIVATE KEY-----"
"-----BEGIN CERTIFICATE-----" AND "-----END CERTIFICATE-----"
14) Paste these texts into a text editor (for example, Notepad or vim) and save each as a separate file, ensuring that the quotation marks are removed and that there are no empty spaces before or after the text.
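Steps 13 and 14 can also be scripted. The following is an added example, not part of the original article or any Fortinet tooling: it pulls both PEM blocks out of saved `show full` output, leaves the surrounding quotation marks and stray whitespace behind, and writes the key file readable by its owner only. The function names, the `.key`/`.cer` extensions and the sample text are assumptions made for illustration.

```python
import os
import re

# Constructed sample of `show full` output; the base64 bodies are placeholders, not key material.
SAMPLE = '''config vpn certificate local
edit "new-certificate"
set password ENC "cGxhY2Vob2xkZXI="
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
QUJDREVGR0g=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
SUpLTE1OT1A=
-----END CERTIFICATE-----"
next
end
'''

# Matches from the BEGIN marker to the END marker with the same label, so the quotes stay outside.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)

def extract_pem_blocks(cli_output):
    """Return {label: pem_text}, markers included, quotes and padding whitespace excluded."""
    blocks = {}
    for label, body in PEM_RE.findall(cli_output):
        # Drop blank lines and any spaces before or after each base64 line.
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        head, tail = f"-----BEGIN {label}-----", f"-----END {label}-----"
        blocks[label] = "\n".join([head, *lines, tail]) + "\n"
    return blocks

def save_blocks(blocks, directory, basename="new-certificate"):
    """Write key and certificate to separate files (hypothetical names); key file is mode 0600."""
    names = {"ENCRYPTED PRIVATE KEY": (".key", 0o600), "CERTIFICATE": (".cer", 0o644)}
    written = {}
    for label, (ext, mode) in names.items():
        if label not in blocks:
            raise ValueError(f"missing {label} block in CLI output")
        path = os.path.join(directory, basename + ext)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write(blocks[label])
        os.chmod(path, mode)  # also tightens a file that already existed
        written[label] = path
    return written
```

The saved CLI output itself contains the private key and the `set password ENC` value, so it needs the same handling as the extracted key file.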