FortiGate
sselvam
Staff
Article Id 190406

Description

 

This article describes how to back up and restore the local certificates of the firewall.

Solution

 

This procedure exports a server (local) certificate and private key together as a password-protected PKCS12 file.
The export file is written to a customer-supplied TFTP server.
Ensure that the TFTP server is running and accessible to the FortiGate before entering the command.


To back up the local certificates:

Connect to the CLI and use the following command:

 

execute vpn certificate local export tftp <cert_name> <cert file type> <filename> <tftp_ip>

 

where:

- <cert_name> is the name of the server certificate.

- <cert file type> is the type of certificate file: 'cer', 'p12' or 'csr'.
- <filename> is a name for the output file.
- <tftp_ip> is the IP address assigned to the TFTP server host interface.
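
A backup is only useful if it opens with its password and really contains the private key. The shell function below is an added example, not part of the original article or of Fortinet tooling: it checks a 'p12' export with the openssl command-line tool once the file has been copied to the management computer. The function name, the P12_PASS environment variable and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Fortinet code): sanity-check a PKCS12 backup after it
# has been moved off the TFTP server.
# Assumption: the export password is supplied in the environment variable
# P12_PASS, so it never appears on a command line.
# Exit codes (chosen for this example): 0 ok, 2 usage, 3 cannot open,
# 4 no private key, 5 key does not match certificate, 6 certificate expired.
verify_p12_backup() (
    p12=$1
    [ -r "$p12" ] && [ -n "${P12_PASS:-}" ] ||
        { echo "usage: P12_PASS=... verify_p12_backup FILE" >&2; exit 2; }
    export P12_PASS
    umask 077                         # extracted key readable by owner only
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT         # do not leave the decrypted key behind

    # 1. The password opens the container and a certificate comes out.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$tmp/cert.pem" 2>/dev/null ||
        { echo "FAIL: wrong password or not a PKCS12 file" >&2; exit 3; }

    # 2. The private key is inside (a certificate-only file cannot be
    #    restored as a usable local certificate).
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        -out "$tmp/key.pem" 2>/dev/null
    grep -q 'PRIVATE KEY' "$tmp/key.pem" 2>/dev/null ||
        { echo "FAIL: no private key in file" >&2; exit 4; }

    # 3. The key belongs to the certificate: both must give the same public key.
    cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null |
        openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null |
        openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; exit 5; }

    # 4. Report what was backed up and reject an already-expired certificate.
    openssl x509 -in "$tmp/cert.pem" -noout -subject -enddate -fingerprint -sha256
    openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; exit 6; }
    echo "OK: $p12 contains a matching certificate and private key"
)

# Run directly as: P12_PASS='...' sh verify_p12.sh <filename>
if [ "$#" -gt 0 ]; then verify_p12_backup "$1"; fi
```

TFTP has no encryption or authentication, so the PKCS12 password is the only protection the key has in transit; delete the file from the TFTP server directory once it has been moved.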

To restore the local certificates using the GUI:

 
1) Move the output file from the TFTP server location to the management computer.

2) Go to System -> Certificates, select 'Import' and 'Local'.
3) Select the certificate type, then select 'Upload' in the Certificate file field.
4) On the management computer, browse to the file location, select it, and select 'Open'.
5) If the Type is Certificate, upload the Key file as well.
6) If required, enter the Password needed to upload the file or files.
7) Select 'OK'.

To restore the local certificates using the CLI:

Use the following command from the CLI:

 

execute vpn certificate local import tftp <filename> <tftp_ip>