FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article how to take backup and restore the local certificates of the firewall.

This procedure exports a server (local) certificate and private key together as a password protected PKCS12 file.
The export file is created through a customer-supplied TFTP server.
 Ensure that the TFTP server is running and accessible to the FortiGate before to enter the command.

To back up the local certificates.

Connect to the CLI and use the following command:
# execute vpn certificate local export tftp <cert_name> <filename> <tftp_ip>

- <cert_name> is the name of the server certificate.
- <filename> is a name for the output file.
- <tftp_ip> is the IP address assigned to the TFTP server host interface.

To restore the local certificates using from GUI.

1) Move the output file from the TFTP server location to the management computer.
2) Go to System -> Certificates, select 'Import' and 'Local'.
3) Select the certificate type, then select 'Upload' in the Certificate file field.
4) On the management computer, browse to the file location, select it, and select 'Open'.
5) If the Type is Certificate, upload the Key file as well.
6) If required, enter the Password that is required to upload the file or files.
7) Select 'OK'.

To restore the local certificates using the CLI.

Use the following command from CLI:
# execute vpn certificate local import tftp <filename> <tftp_ip>