asrour
Staff
Article Id 331616
Description

This article describes how to import a PFX certificate to FortiManager/FortiAnalyzer via the CLI.

PEM and PFX (also known as PKCS #12) are both formats for storing X.509 certificates.

PEM is Base64 ASCII encoded and can be viewed in a text editor, while PFX is a binary format and is not human-readable.

Scope

FortiManager / FortiAnalyzer.

Solution

To upload an SSL Certificate to FortiManager/FortiAnalyzer via the CLI, it must be in the PEM format.

  1. If the certificate is in PFX format, convert it to PEM using any third-party tool. In this example, SSL Shopper is used.

Upload the PFX certificate to the online tool and enter its password, then select convert.

The PEM certificate will be downloaded. In this example, the downloaded file will be test-certificate.pem.

  2. Right-click the .pem file and open it using a text editor such as Notepad.
  3. The text editor will open the file as below:

[Screenshot: the .pem file opened in a text editor]

  4. Copy the first paragraph, which is the private key, from the start of the '-----BEGIN PRIVATE KEY-----' line until the end of the matching '-----END PRIVATE KEY-----' line. The label reads 'ENCRYPTED PRIVATE KEY' on both lines when the key is stored encrypted.
  5. Copy the second paragraph, which is the certificate, from the start of the '-----BEGIN CERTIFICATE-----' line until the end of the '-----END CERTIFICATE-----' line.
  6. Ignore the third paragraph (which is the CA Bundle File) and the other text in the file.
  7. Log in to the FortiManager or FortiAnalyzer or connect via SSH.
  8. In the CLI console:

config system certificate local  <- In this case, a local certificate is being uploaded. Use the same method for other certificate types, but change 'local' to the corresponding type.

edit "test-certificate"  <- Give the certificate a name.

set private-key <paste the first paragraph>

set certificate <paste the second paragraph>

end

  9. The certificate is saved in the FortiManager/FortiAnalyzer under System Settings -> Certificates and is ready to be used.
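
The conversion in step 1 and the selection of the private key and certificate blocks can also be done locally with OpenSSL, which keeps the PFX and its password on the workstation. This is an added example, not part of the original article: the function names, output file names and the `PFX_PASS` variable are assumptions, and the sample PFX is constructed.

```shell
#!/bin/sh
# Added example (not from the article): split a PFX locally with OpenSSL into
# the two PEM blocks that are pasted into the CLI. All names are assumptions.

# pfx_to_pem <file.pfx> <out_dir>   (the PFX password is read from $PFX_PASS)
pfx_to_pem() (
    umask 077                       # output files readable by the owner only
    mkdir -p "$2" || exit 1
    # Private key only, unencrypted; "openssl pkey" drops the Bag Attributes text
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -out "$2/private-key.pem" 2>/dev/null || exit 1
    # Leaf certificate only (-clcerts); the CA bundle is left out
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$2/certificate.pem" 2>/dev/null || exit 1
    # The key and the certificate must carry the same public key
    [ "$(openssl pkey -in "$2/private-key.pem" -pubout)" = \
      "$(openssl x509 -in "$2/certificate.pem" -noout -pubkey)" ]
)

# Constructed sample input: a throwaway self-signed certificate packed as a PFX
make_sample_pfx() (
    dir=$(dirname "$1")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=test-certificate" \
        -keyout "$dir/sample-key.pem" -out "$dir/sample-cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/sample-key.pem" \
        -in "$dir/sample-cert.pem" -out "$1" -passout env:PFX_PASS
)

# Demo run on the constructed sample; only the first line of each file is shown
demo=$(mktemp -d)
PFX_PASS='constructed-password'; export PFX_PASS
make_sample_pfx "$demo/test-certificate.pfx" &&
    pfx_to_pem "$demo/test-certificate.pfx" "$demo/out" &&
    head -n 1 "$demo/out/private-key.pem" "$demo/out/certificate.pem"
rm -rf "$demo"
```

`private-key.pem` holds the first paragraph and `certificate.pem` the second; the function returns non-zero if the password is wrong or the key does not match the certificate.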
