FortiManager
smkml
Staff
Article Id 412951
Description

 

This article describes how to push local SSL certificates from a FortiGate to all connected FortiGate devices through FortiManager. It provides a step-by-step guide to running a CLI script on the remote FortiGates.

 

[Screenshot: local SSL certificate in FortiGate]

Scope

 

FortiManager, FortiGate.

 

Solution

 

To push SSL certificates to all FortiGates that are already integrated with FortiManager:

  • Get the full configuration of the SSL certificate from the FortiGate CLI.

 

FGT-HUB (labtest) # show full
config vpn certificate local
edit "labtest"
set password ENC 4XiV4sTxRXGmvPCFNcDVqAosqkWdNX4FSc8FNJV/88vdmLMVidUpU/IV/n5hoeJu2AEc7gMavac6brlERVgMDueDLSM4f3BQSzRolAnAxnyCt47V1VCPHANOcA9jmGF4CHGO9LxfL4JHRFJEimAlxo9qgjTn9gAPETs8QP8RARUn9y423a7CMOX69aaMUrJ/QVzxlw==
set comments "This certificate is automatically generated."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
............................................................................

............................................................................

........................
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
............................................................................

............................................................................

......................
-----END CERTIFICATE-----"
set range global
set source user
set source-ip 0.0.0.0
set ike-localid-type asn1dn
set enroll-protocol none
next
end

 

  • Paste the configuration into a new script in FortiManager under Device Manager -> Scripts -> Create New, as shown in the example below:

 

[Screenshot: CLI configuration pasted into the script]

  • Run the script directly on the remote FortiGate (via CLI), as shown below:

 

[Screenshot: running the script on the FortiGate directly via CLI]

 

[Screenshot: successful execution on the other FortiGate]
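
A pre-flight check for the captured configuration before it is pasted into the FortiManager script, as an added example that is not part of the original article or of any Fortinet tooling. It strips the CLI prompt line and blank lines and rejects a truncated block or an unencrypted private key; the function name, the sample values and the treatment of blank lines as copy/paste artifacts are assumptions.

```python
import re

# Constructed sample capture (placeholder values, not real key material).
SAMPLE = '''FGT-HUB (labtest) # show full
config vpn certificate local
edit "labtest"
set password ENC Q09OU1RSVUNURUQ=
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ

-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==

-----END CERTIFICATE-----"
set range global
next
end
'''

PROMPT = re.compile(r"^\S+ \([^)]*\) # ")  # CLI prompt plus echoed command

def build_script(capture: str) -> str:
    """Return a script body built from a captured certificate config block."""
    # Drop the prompt line and blank lines (assumed copy/paste artifacts).
    lines = [l.rstrip() for l in capture.splitlines()]
    lines = [l for l in lines if l and not PROMPT.match(l)]
    if len(lines) < 4 or lines[0] != "config vpn certificate local":
        raise ValueError("expected a 'config vpn certificate local' block")
    if lines[-2:] != ["next", "end"]:
        raise ValueError("block is truncated: missing 'next' / 'end'")
    body = "\n".join(lines)
    for setting in ("set password ENC ", "set private-key ", "set certificate "):
        if setting not in body:
            raise ValueError(f"missing setting: {setting.strip()}")
    # The script is stored in FortiManager, so refuse an unencrypted key.
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" not in body:
        raise ValueError("private key is not in encrypted PEM form")
    # Every PEM BEGIN marker needs its END marker, and quotes must pair up.
    for label in re.findall(r"-----BEGIN ([A-Z ]+)-----", body):
        if f"-----END {label}-----" not in body:
            raise ValueError(f"unterminated PEM block: {label}")
    if body.count('"') % 2:
        raise ValueError("unbalanced double quotes")
    return body + "\n"

if __name__ == "__main__":
    print(build_script(SAMPLE), end="")
```
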

 

Related article:

Technical Tip: CLI Script behavior to run in FortiManager  
