Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vrajendran
Staff
Staff

Created on ‎07-08-2014 06:52 AM

Article Id 193070

Technical Tip: Procedure for exporting and re-importing a local certificate with a private key

Description
This procedure describes how to export a local certificate from a FortiGate with its private key and re-import it in another FortiGate.

Solution
1) Save the private key from CLI.

1.1) Go to the CLI menu '# config vpn certificate local'.
1.2) Type '# show full',  and for the given certificate, look for the line starting with < set private-key '-----BEGIN RSA PRIVATE KEY-----"'>.
1.3) Copy the text from  -----BEGIN RSA PRIVATE KEY-----  up to -----END RSA PRIVATE KEY-----  and save it to a file.
1.4) Make sure to exclude any special characters such as for example.
1.5) Example is provided at the end of this article

2) Set a password for the certificate.

2.1) Go to the CLI menu '# config vpn certificate local'.
2.2) Edit the given certificate and set a password ( set password <password>).

3) Export the certificate from GUI.

3.1) Go to Global -> Certificates -> Local Certificates.
3.2) Select the certificate to export and select 'Download'.
3.3) This will provide a .cer file, such as for example 'Cert_chain1.cer'.

4) Re-import it on another FortiGate from GUI.

4.1) Go to Global -> Certificates -> Local Certificates.
4.2) Select Import -> "Certificate.
4.3) In the appropriate fields, select the files saved in step1 and step2, and provide the password from step2.
4.4) Verify from the menu Global -> Certificates -> Local Certificates that the certificate is present.

Example of private key file.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,21F46CF768868B66

Zw+r9xa1L6r79qbsLnpk7o8Dj99fsdfsdfdYRFvPUhzC0ORelfcPzwrvDoyRQJKJ
QSfAIQ5lwaWsJoWw9e8O1nl8asdwesu4ui0u4LA2l7G6iJPyGy+QMZ2srA32p4iv

[trunkated]

bsLnpk7o8Dj99fjsJywFdYRFvPUhzC0ORelfcPzwrvDoyRQJKJfsf9sfsdfsfsfs
QSfAIQ5lwaWsJoWw9e8O1nl8o+EpYDu4ui0u4LA2l7G6iJPyGy+QMZ2srA32p4iv
-----END RSA PRIVATE KEY-----

53785
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.