Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
aishaqui
New Contributor III

Created on ‎01-17-2023 06:25 AM Edited on ‎03-20-2025 01:00 AM By Community Manager

Article Id 243068

Technical Tip: How to import public CA certificate bundle in FortiGate

Description

This article describes the steps for manually importing a public CA certificate bundle into FortiGate.

 

This can be needed in cases where for some reason some CA certificates or the whole bundle is removed from FortiGate or if the customer wants to manually downgrade or upgrade the CA certificate bundle.
Scope

All FortiGate models and supported firmware.
Solution

Prerequisites:

  1. TFTP server.
  2. CA certificate bundle package. It is needed to contact Fortinet support to get the CA certificate bundle package.

 

The below command is used to import the CA certificate bundle from FortiGate CLI:

 

execute vpn certificate ca import bundle <CA bundle filename with .pkg extension> <TFTP server IP>

 

aishaqui_0-1673964514677.png

 

Note:

Ensure that the local firewall (if any) on the TFTP server allows access from FortiGate for retrieving the certificate package file before initiating the command.

 

2832
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.