FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pradeepb
Staff
Staff
Article Id 192766

Description


This article explains how to import an SSL certificate as a local certificate on FortiGate.

Solution

 

1) If the Certificate Signing Request (CSR) was generated on FortiGate, follow the steps below to import the certificate in .CER format.
The Private key is generated on the Fortigate itself as part of the CSR process.

 

v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> Local Certificate.

 

v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> Local certificate.


2) If the Certificate Signing Request (CSR) was generated on an external server, choose the most appropriate option from the following two ways to import the Certificate:

 

A) If the Certificate and private key are bundled in a single PKCS#12 (also referred to as .PFX) file format, follow the instructions below.
This certificate will be encrypted and a password must be supplied with the certificate file.

 

v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> PKCS#12 certificate.

 

v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> PKCS#12 certificate.


B) If the Certificate (.CER/.DER Format) and Private Key (.PEM format) are separate, follow these instructions:

 

v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> Certificate.

 

v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> Certificate.

 

Certificate file -> .CER 
Key File ->  .PEM
Password -> Enter the Password

 

The password is required to upload the certificate private key.

 

Related KB Articles:

https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/907098/import-a-certificate

https://docs.fortinet.com/document/fortigate/6.4.7/administration-guide/322226/uploading-a-certifica...

Technical Tip: How to update a local certificate installed on a FortiGate unit without generating a ...