Description
This procedure describes how to export a local certificate from a FortiGate with its private key and re-import it in another FortiGate.
Solution
1) Save the private key from CLI.
1.1) Go to the CLI menu '# config vpn certificate local'.
1.2) Type '# show full', and for the given certificate, look for the line starting with 'set private-key "-----BEGIN RSA PRIVATE KEY-----'.
1.3) Copy the text from -----BEGIN RSA PRIVATE KEY----- up to -----END RSA PRIVATE KEY----- and save it to a file.
1.4) Make sure to exclude any special characters such as for example.
1.5) Example is provided at the end of this article.
2) Set a password for the certificate.
2.1) Go to the CLI menu '# config vpn certificate local'.
2.2) Edit the given certificate and set a password (set password <password>).
3) Export the certificate from GUI.
3.1) Go to Global -> Certificates -> Local Certificates.
3.2) Select the certificate to export and select 'Download'.
3.3) This will provide a .cer file, for example 'Cert_chain1.cer'.
4) Re-import it on another FortiGate from GUI.
4.1) Go to Global -> Certificates -> Local Certificates.
4.2) Select Import -> Certificate.
4.3) In the appropriate fields, select the files saved in step 1 and step 2, and provide the password from step 2.
4.4) Verify from the menu Global -> Certificates -> Local Certificates that the certificate is present.
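A check for steps 1.3 and 1.4, added here as an example and not part of the original article or of Fortinet tooling: it pulls the key block out of saved 'show full' output, rejects any character that is not valid in the PEM body, and writes the file readable by its owner only. The sample capture (its layout and header lines included) and the names extract_private_key and save_key are constructed for illustration.

```python
import base64
import os
import re

BEGIN = "-----BEGIN RSA PRIVATE KEY-----"
END = "-----END RSA PRIVATE KEY-----"


def extract_private_key(cli_text):
    """Return the cleaned PEM block found in saved 'show full' output."""
    start = cli_text.find(BEGIN)
    stop = cli_text.find(END, start + 1)
    if start == -1 or stop == -1:
        raise ValueError("no complete RSA PRIVATE KEY block found")
    headers, body = [], []
    for line in cli_text[start + len(BEGIN):stop].splitlines():
        line = line.strip()
        if re.fullmatch(r"[A-Za-z-]+: \S+", line):
            headers.append(line)  # PEM header line of a password-protected key
        elif line:
            body.append(line)
    if not body:
        raise ValueError("key block is empty")
    # Strict decode: a stray quote or other pasted character raises ValueError.
    base64.b64decode("".join(body), validate=True)
    parts = [BEGIN] + headers + ([""] if headers else []) + body + [END]
    return "\n".join(parts) + "\n"


def save_key(pem, path):
    """Write the key so that only the owner can read it (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)


# Constructed sample capture: the payload is placeholder bytes, not key material.
B64_SAMPLE = base64.b64encode(b"constructed placeholder, not key material" * 3).decode()
SAMPLE = (
    'config vpn certificate local\n'
    '    edit "Cert_chain1"\n'
    '        set private-key "' + BEGIN + '\n'
    'Proc-Type: 4,ENCRYPTED\n'
    'DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n\n'
    + B64_SAMPLE[:64] + '\n' + B64_SAMPLE[64:128] + '\n' + B64_SAMPLE[128:] + '\n'
    + END + '"\n    next\nend\n'
)

if __name__ == "__main__":
    print(extract_private_key(SAMPLE))
```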