FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This procedure describes how to export a local certificate from a FortiGate with its private key and re-import it in another FortiGate.
Solution 1) Save the private key from CLI.
1.1) Go to the CLI menu '# config vpn certificate local'. 1.2) Type '# show full', and for the given certificate, look for the line starting with < set private-key '-----BEGIN RSA PRIVATE KEY-----"'>. 1.3) Copy the text from -----BEGIN RSA PRIVATE KEY----- up to -----END RSA PRIVATE KEY----- and save it to a file. 1.4) Make sure to exclude any special characters such as for example. 1.5) Example is provided at the end of this article
2) Set a password for the certificate.
2.1) Go to the CLI menu '# config vpn certificate local'. 2.2) Edit the given certificate and set a password ( set password <password>).
3) Export the certificate from GUI.
3.1) Go to Global -> Certificates -> Local Certificates. 3.2) Select the certificate to export and select 'Download'. 3.3) This will provide a .cer file, such as for example 'Cert_chain1.cer'.
4) Re-import it on another FortiGate from GUI.
4.1) Go to Global -> Certificates -> Local Certificates. 4.2) Select Import -> "Certificate. 4.3) In the appropriate fields, select the files saved in step1 and step2, and provide the password from step2. 4.4) Verify from the menu Global -> Certificates -> Local Certificates that the certificate is present.
