FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 193310
Description
This article provides steps to export the SSL certificate and private key from the appliance. This is useful when the certificate and private key are needed on another appliance but the original certificate files are no longer available.



Solution
Execute the following commands to extract the private key and certificate from the Java KeyStore (JKS). The resulting certificate file (cert.pem) and private key file (key.pem) can then be imported to another appliance.


1. Log into the appliance CLI as root.

2. Export from the JKS to PKCS #12, using the alias (srcalias) of the target whose certificate is to be copied.

srcalias value options:
tomcat = Admin UI
agent = Persistent Agent
portal = Captive Portal


The following example exports from the Admin UI target:
keytool -importkeystore -srckeystore /bsc/campusMgr/.keystore -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias tomcat -deststorepass bradford -destkeypass bradford

3. Enter ^8Bradford%23 at the prompt

4. Export certificate from the new keystore.p12 (password bradford):
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem

5. Export unencrypted private key:
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
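
A check worth running before the import, as an added example that is not part of the original article: it confirms that key.pem matches cert.pem, restricts the unencrypted key to mode 600 and rejects an expired certificate. The function names and the script name check_export.sh are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Fortinet article. Assumes cert.pem and key.pem
# were produced by steps 4 and 5; function names are illustrative.

# True when the private key belongs to the first certificate in the file.
# "openssl pkcs12 -nokeys" may also write chain certificates; x509 reads the first.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when only the owner can read or write the file (mode 600).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Lock down the unencrypted key, then run all checks. Returns 0 only if
# the pair matches, the key is private and the certificate has not expired.
check_export() {
    cert=$1 key=$2
    chmod 600 "$key" || return 1
    if ! key_is_private "$key"; then
        echo "FAIL: $key is readable by other users"; return 1
    fi
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $key does not match $cert"; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired"; return 1
    fi
    echo "OK: subject and expiry of the exported certificate:"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run as: sh check_export.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    check_export "$1" "$2"
fi
```

Once the import succeeds, delete key.pem and keystore.p12 from the working directory, since the key is unencrypted and the PKCS #12 password is the one shown in step 2.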


Import the cert.pem and key.pem files to the desired appliance. This can be done through the Administration UI. For instructions, see "Upload the certificate" in the Certificate management section of the Administration Guide:
8.x: https://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/966318/certificate-management
9.x: https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/966318/certificate-management


Contact Support for assistance.


