Description
This procedure describes how to export a local certificate from a FortiGate with its private key and re-import it in another FortiGate.
Solution
1) Save the private key from CLI.
1.1) Go to the CLI menu '# config vpn certificate local'.
1.2) Type '# show full', and for the given certificate, look for the line starting with 'set private-key "-----BEGIN RSA PRIVATE KEY-----'.
1.3) Copy the text from -----BEGIN RSA PRIVATE KEY----- up to -----END RSA PRIVATE KEY----- and save it to a file.
1.4) Make sure to exclude any special characters such as for example.
1.5) An example is provided at the end of this article.
2) Set a password for the certificate.
2.1) Go to the CLI menu '# config vpn certificate local'.
2.2) Edit the given certificate and set a password ('set password <password>').
3) Export the certificate from GUI.
3.1) Go to Global -> Certificates -> Local Certificates.
3.2) Select the certificate to export and select 'Download'.
3.3) This will provide a .cer file, for example 'Cert_chain1.cer'.
4) Re-import it on another FortiGate from GUI.
4.1) Go to Global -> Certificates -> Local Certificates.
4.2) Select Import -> 'Certificate'.
4.3) In the appropriate fields, select the files saved in step 1 and step 2, and provide the password from step 2.
4.4) Verify from the menu Global -> Certificates -> Local Certificates that the certificate is present.
Example of private key file.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,21F46CF768868B66
Zw+r9xa1L6r79qbsLnpk7o8Dj99fsdfsdfdYRFvPUhzC0ORelfcPzwrvDoyRQJKJ
QSfAIQ5lwaWsJoWw9e8O1nl8asdwesu4ui0u4LA2l7G6iJPyGy+QMZ2srA32p4iv
[truncated]
bsLnpk7o8Dj99fjsJywFdYRFvPUhzC0ORelfcPzwrvDoyRQJKJfsf9sfsdfsfsfs
QSfAIQ5lwaWsJoWw9e8O1nl8o+EpYDu4ui0u4LA2l7G6iJPyGy+QMZ2srA32p4iv
-----END RSA PRIVATE KEY-----
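
A local sanity check for the file saved in step 1.3, added here as an example (it is not part of the original article or of any Fortinet tool): it confirms that the BEGIN/END markers are intact, that the key carries the encrypted-PEM headers seen in the sample above, and that no stray characters, such as the quote from the CLI line in step 1.2, were copied along. The function name and the sample data are constructed for illustration.

```python
import base64
import re

BEGIN = "-----BEGIN RSA PRIVATE KEY-----"
END = "-----END RSA PRIVATE KEY-----"
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def check_key_file(text):
    """Return a list of problems in a private key copied from 'show full'."""
    problems = []
    lines = text.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()  # trailing newlines are harmless
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not exactly the BEGIN marker")
    if not lines or lines[-1] != END:
        problems.append("last line is not exactly the END marker")
    body = lines[1:-1]
    # Traditional encrypted PEM: header lines, then the base64 body.
    headers = {}
    while body and ":" in body[0]:
        name, _, value = body.pop(0).partition(":")
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        problems.append("key is not password-encrypted")
    elif "DEK-Info" not in headers:
        problems.append("encrypted key has no DEK-Info header")
    body = [line for line in body if line]
    bad = [n for n, line in enumerate(body, 1) if not B64_LINE.match(line)]
    if bad:
        problems.append(f"non-base64 characters on body line(s) {bad}")
    else:
        try:
            if not base64.b64decode("".join(body), validate=True):
                problems.append("key body is empty")
        except ValueError:
            problems.append("body is not valid base64 (incomplete copy?)")
    return problems

# Constructed sample: placeholder bytes, not a real key; the IV is made up.
_b64 = base64.b64encode(bytes(range(96))).decode()
GOOD = "\n".join([BEGIN, "Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF",
                  "", _b64[:64], _b64[64:], END]) + "\n"
# Same key pasted with the quotes that wrap the value in the CLI output.
QUOTED = '"' + GOOD.rstrip("\n") + '"\n'

if __name__ == "__main__":
    for label, sample in (("clean", GOOD), ("quoted", QUOTED)):
        print(label, check_key_file(sample) or "OK")
```

An empty list means the file has the expected shape; it does not prove that the password from step 2 decrypts the key.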