Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiGate : SSL Certification Private Key Export

Hello Everyone,


This is probably a common issue, but it's kind of urgent.


I configured a CSR from Fortigate to purchase an SSL Certificate.


All good so far, i managed to install the certificate. But i want to use it in other servers, so i need the private key.


Throught CLI, i found the private key but it's encrypted. the commande "unset password" doesnt work apparently in the 5.4 FortiOS.


What are my options ? can i export the certificate/key in another Fortigate (4.0 ?) and try to unset the password ? any other solution ? 




yes you will need to create a cert bundle as you cannot import a key into a FGT :)

And yes private and public key as well as the certificate itself are encrypted and that's what they should be.

You might need to know the password if you want to use the private key if it is password encrypted.

And this is the only caveat here too! Private/public key and cert encryption is not Fortinet-specific. This is defined by ssl. But the encryption of you stored password is! So you might need to put the FGT you want to import that to to the same firmware version as you other one is band then upgrade follwoing upgrade path if neccessary. This is because Fortinet (prolly several times) made changes in the password encryption algorithms.



"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors