Description
This article describes how to back up and restore the local certificates of the firewall.
Solution
This procedure exports a server (local) certificate and private key together as a password-protected PKCS12 file.
The export file is created through a customer-supplied TFTP server.
Ensure that the TFTP server is running and accessible to the FortiGate before entering the command.
To back up the local certificates.
Connect to the CLI and use the following command:
execute vpn certificate local export tftp <cert_name> <cert file type> <filename> <tftp_ip>
where:
- <cert_name> is the name of the server certificate.
- <cert file type> is the type of certificate file: 'cer', 'p12' or 'csr'.
- <filename> is a name for the output file.
- <tftp_ip> is the IP address assigned to the TFTP server host interface.
To restore the local certificates using the GUI.
2) Go to System -> Certificates, select 'Import' and 'Local'.
3) Select the certificate type, then select 'Upload' in the Certificate file field.
4) On the management computer, browse to the file location, select it, and select 'Open'.
5) If the Type is Certificate, upload the Key file as well.
6) If required, enter the Password that is required to upload the file or files.
7) Select 'OK'.
To restore the local certificates using the CLI.
Use the following command from CLI:
execute vpn certificate local import tftp <filename> <tftp_ip>