dealer
New Contributor

Cannot generate local certificate

Hi everyone,

We recently upgraded our firmware to v5.0,build0228 (GA Patch 4) and now I have discovered that we cannot generate a local certificate. Steps to reproduce are:

- Go to System > Certificates > Local Certificates
- Click Generate
- Fill in the form with the details shown in the screenshot below

When you click OK you get the following error:

The imported local certificate is invalid

Does anyone know why this is now coming up in error???

regards, Aaron.
7 REPLIES
NKL
New Contributor III

I opened a ticket on this issue myself. Obviously, it is a known issue, which is due to be fixed with 5.0.5.
emnoc
Esteemed Contributor III

fwiw I generate csr via openssl and then import those into the FGT/FM, less problems and headaches imho

PCNSE NSE StrongSwan
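
The workaround described in this post (create the key and CSR with openssl, have a CA sign it, then import the result), as an added example that is not part of the original thread: it generates the request and checks that the key, the CSR and the signed certificate all carry the same public key before anything is uploaded. The hostname, subject fields, file names and the throwaway test CA are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; hostnames, subject fields and file names are constructed.

# make_csr DIR CN: write DIR/CN.key (2048-bit RSA, unencrypted) and DIR/CN.csr.
make_csr() (
    umask 077    # key file readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.csr" \
        -subj "/O=Example Org/CN=$2" \
        -addext "subjectAltName=DNS:$2" 2>/dev/null
)

# csr_has_san CSR NAME: succeed if the request carries NAME as a DNS SAN.
csr_has_san() {
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# pubkey_fp FILE key|csr|cert: print the SHA-256 of the file's public key.
# Fails (instead of hashing empty input) when the file cannot be parsed.
pubkey_fp() {
    pub=$(case $2 in
        (key)  openssl pkey -in "$1" -pubout ;;
        (csr)  openssl req  -in "$1" -noout -pubkey ;;
        (cert) openssl x509 -in "$1" -noout -pubkey ;;
    esac 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_key FILE1 KIND1 FILE2 KIND2: succeed only if both hold the same key.
same_key() {
    a=$(pubkey_fp "$1" "$2") && b=$(pubkey_fp "$3" "$4") && [ "$a" = "$b" ]
}

# sign_with_test_ca DIR CN: throwaway CA standing in for the real signer
# (an internal or commercial CA); writes DIR/ca.crt and DIR/CN.crt.
sign_with_test_ca() (
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
)
```

Typical order: `make_csr`, `csr_has_san`, send the `.csr` to the CA, then `same_key` on the `.key` and the returned certificate. `openssl x509 -req` as used for the test CA does not copy the SAN from the request into the certificate; a real CA applies its own policy there.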
dealer
New Contributor

Hi everyone, thanks for the quick response. Just got off the phone with support and they confirmed that it was a known issue and a fix was coming in update 5. Only problem was that update 5 is scheduled for October sometime. For now going with the workaround from emnoc until they fix the GUI.
kcerb
New Contributor III

Hi, I generated a CSR from the CLI using the 'execute vpn certificate local generate' command and the CLI returns: 'Generating a 2048 bit RSA private key Generating X.509 certificate Done.' But where is the CSR? Where can I find it?

FGT60B, FGT100A, FGT100D

emnoc
Esteemed Contributor III

Go to GUI > Certificates, and you should have a CSR that you can download.

PCNSE NSE StrongSwan
dealer
New Contributor

Hi, if you have update 4 then the CLI won't generate the local certificate for you. I tried this and while it says "success" it doesn't actually create the certificate. If you follow the suggestions above and create the certificate externally to the FortiGate and then import it you will be ok. I used RapidSSL for this and they will both generate and sign the certificate for you - 2 birds, one website. Otherwise you can just wait until update 5 comes out which will fix this bug.
kcerb
New Contributor III

Thanks for your replies. Yes, I have update 4 and there is no new certificate in the GUI after generating. I need a certificate only for internal purposes so I can create it using my Active Directory integrated CA; it would be easiest because all hosts in my internal network trust my CA. But to do so I need a certificate signing request... Or maybe there is another way to create a certificate for the FortiGate using my CA?

FGT60B, FGT100A, FGT100D
