Description
This article explains how to import an SSL certificate as a local certificate on FortiGate.
Solution
- If the Certificate Signing Request (CSR) was generated on FortiGate, follow the steps below to import the certificate in .CER format.
The Private key is generated on the FortiGate itself as part of the CSR process.
v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> Local Certificate.
v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> Local certificate.
- If the Certificate Signing Request (CSR) was generated on an external server, choose the most appropriate option from the following two ways to import the Certificate:
- If the Certificate and private key are bundled in a single PKCS#12 (also referred to as .PFX) file format, follow the instructions below.
This certificate will be encrypted and a password must be supplied with the certificate file.
v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> PKCS#12 certificate.
v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> PKCS#12 certificate.
- If the Certificate (.CER/.DER Format) and Private Key (.PEM format) are separate, follow these instructions:
v7.0.1 & Earlier versions:
Import the certificate in System -> Certificates -> Import -> Local Certificate -> Certificate.
v7.0.2 & Later versions:
Import the certificate in System -> Certificates -> Create/Import -> Certificate -> Import Certificate -> Certificate.
Certificate file -> .CER
Key File -> .PEM
Password -> Enter the Password
The password is required to upload the certificate private key.
Related articles:
- Import a certificate - FortiGate administration guide
- Uploading a certificate using the GUI - FortiGate administration guide
- Technical Tip: How to update a local certificate installed on a FortiGate unit without generating a ...
- Technical Tip: How to import a new local certificate after renewing the existing local certificate w...