Help
FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
abalachandran
Staff
Staff

Created on ‎10-28-2024 10:47 PM Edited on ‎08-11-2025 02:18 AM By Community Manager

Article Id 353232

Technical Tip: Renew FortiProxy Built-In Certificates

Description This article describes how the built-in certificates in FortiProxy can be renewed
Scope FortiProxy.
Solution

To renew the built-in certificates on FortiProxy on v2.0.X, refer to the commands below:

 

Fortinet_CA_SSL:

 

execute certificate local generate default-ssl-ca

 

Fortinet_CA_Untrusted:


execute certificate local generate default-ssl-ca-untrusted

 

Renew all SSL Key Certificates:

 

execute certificate local generate default-ssl-key-certs

 

Fortinet_SSL:

 

execute certificate local generate default-ssl-serv-key

 

To renew the built-in certificates on FortiProxy on v7.0 and above, refer to the commands below.

 

Fortinet_CA_SSL:

 

execute vpn certificate local generate default-ssl-ca  

 

Fortinet_CA_Untrusted:

 

execute vpn certificate local generate default-ssl-ca-untrusted

 

Renew all SSL Key Certificates:

 

execute vpn certificate local generate default-ssl-key-certs

 

Fortinet_SSL:

 

execute vpn certificate local generate default-ssl-serv-key

 

Fortinet_GUI_Server:

 

execute vpn certificate local generate default-gui-mgmt-cert

 

Note:

Only the built-in certificates can be renewed using the commands above. Externally imported certificates will need to be renewed manually.
495
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.