Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate 90D - 6.0.2 - FORTINET_FACTORY Cert SHA1

Good morning everyone,

        I have been reading everything that i possibly can to try and figure this out and i just cannot seem to get a straight answer.  On our Fortigate 90D the FORTINET_FACTORY Cert is SHA1 signed and needs to be upgraded to SHA256.  What is the correct way to update the FORTINET_FACTORY cert to SHA256?  I know that I can generate the CSR request on the Fortigate but does that create the request local for that device from the Fortinet CA?  Or do you have to use OPENSSL?  Any information is greatly appreciated.

Valued Contributor

I'm not sure what problem you're trying to solve but I don't think what you're asking is possible.  You'll need to get a signed cert from a valid CA if you want something other than what is loaded from the factory (as you should).


I would create a new certificate using your own server that meets your needs and just load it into the FortiGate.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Esteemed Contributor III

You have a few options. 


1> generate a new CSR (  openssl or certmanger )

2> upgrade the fortios ( and yes if your running 6.0.2 ....I would upgrade )

3> import your cert+key that's already done at sha2 family algo



Ken Felix





PCNSE NSE StrongSwan

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors