Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Maerre
New Contributor

unable to delete local certificate via GUI and no access to CLI

Hi Guys,

 

i need to delete an expired local certificate and upload a new one but the delete botton is grayed out and i've no access to CLI (i access directly to the public ip address), how can i replace it?

if i try to import the new one i'm promped this: "Certificate file is duplicated for CA/LOCAL/REMOTE/CRL cert."

hardware is FortiWiFi 60F Region-E

 

thanks

regards

 

 

1 Solution
vdralio

Hi @Maerre ,

 

This error usually appears when:

- Certificate is uploaded in the wrong category.
- Import a certificate without private key material.
- Upload the certificate which is already present.

Can you please delete the existing new certificate and create a new certificate with the private key in the pkcs#12 format then import the certificate:
System -> certificates -> import -> Local Certificate -> PKCS#12 Certificate.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Fixing-the-error-Certificate-file-is...

This is a way how to update without generating a new CSR
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-update-a-local-certificate-installe...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...

Here you can verify and validate a certificate following the article below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Verifying-and-validating-the-accuracy-of-a...

 

Best Regards,

Vasil

View solution in original post

5 REPLIES 5
vdralio
Staff
Staff
Maerre
New Contributor

Hi @vdralio 

 

thanks for the tip, i 've deleted the certificate but still have the same error when trying to import it:

 

"Certificate file is duplicated for CA/LOCAL/REMOTE/CRL cert."

vdralio

Hi @Maerre ,

 

This error usually appears when:

- Certificate is uploaded in the wrong category.
- Import a certificate without private key material.
- Upload the certificate which is already present.

Can you please delete the existing new certificate and create a new certificate with the private key in the pkcs#12 format then import the certificate:
System -> certificates -> import -> Local Certificate -> PKCS#12 Certificate.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Fixing-the-error-Certificate-file-is...

This is a way how to update without generating a new CSR
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-update-a-local-certificate-installe...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...

Here you can verify and validate a certificate following the article below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Verifying-and-validating-the-accuracy-of-a...

 

Best Regards,

Vasil

Maerre
New Contributor

thanks for the tips, helped me a lot to resolve.

vdralio

Hi @Maerre ,

 

Happy to help, glad that you resolved the issue :)

 

Best Regards,

Vasil