jasonsig
New Contributor

Howto - create windows CA and export

Hi, does Forti have any documentation regarding creating a certificate from a Windows CA and exporting it onto the FortiGate?

jason
6 REPLIES
Bromont_FTNT
Staff

Getting a signing certificate signed by your Domain Controller is out of scope for Fortinet documentation, although you may find some websites with some instructions. Have you attempted getting a cert from your Windows server yet?
jasonsig
New Contributor

Yes. I just backed up the root CA (including the key). Note that this was in pfx (.p12). Then I had to convert it to pem using openssl. After converting you would get a key file and a pem certificate. Then on the FortiGate under certificates use the local (type certificate) and import the cert and the key.

jason
Bromont_FTNT
Staff

For deep SSL inspection you'll need a new signing certificate that is itself signed by that root CA so domain member workstations will trust the connection when it does SSL inspection. You can create the certificate request (CSR) on the FortiGate, then download it, get it signed by the DC root CA and import it back into the FortiGate. You'll need to use a template on the DC that creates a signing cert, such as SubCA.
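
A pre-import check for the workflow in the reply above (CSR created on the FortiGate, signed by the domain root CA with a SubCA-type template), as an added example that is not part of the original thread. The helper names `check_signing_cert` and `make_demo_pki`, the file names and the subjects are assumptions, and the sample PKI is constructed with throwaway keys so the script runs offline with only `openssl` installed.

```shell
# Added example. Pre-import checks for a signing certificate returned by the CA.
# check_signing_cert ROOT_PEM CERT_PEM CSR_PEM  -> 0 when all three checks pass
check_signing_cert() {
  local root=$1 cert=$2 csr=$3
  # 1. Chains to the root CA that domain workstations already trust.
  openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: does not chain to $root"; return 1; }
  # 2. Is a CA certificate (what a SubCA-type template issues); a plain
  #    server certificate cannot sign the certificates used for inspection.
  openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
    { echo "FAIL: basicConstraints is not CA:TRUE"; return 2; }
  # 3. Carries the public key from the CSR that was generated on the firewall.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl req -in "$csr" -noout -pubkey)" ] ||
    { echo "FAIL: certificate key does not match CSR"; return 3; }
  echo "OK: $cert"
}

# Constructed sample PKI (throwaway keys, made-up names) so the check runs offline.
make_demo_pki() {
  local d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/root.key" -out "$d/root.pem" \
    -days 2 -config "$d/demo.cnf" -extensions v3_ca -subj "/CN=Demo Root CA" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/fw.key" -out "$d/fw.csr" \
    -config "$d/demo.cnf" -subj "/CN=Demo Inspection CA" 2>/dev/null
  # Same CSR signed twice: once as a subordinate CA, once (wrongly) as a leaf.
  openssl x509 -req -in "$d/fw.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 1 \
    -days 2 -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/subca.pem" 2>/dev/null
  openssl x509 -req -in "$d/fw.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/demo.cnf" -extensions leaf -out "$d/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
check_signing_cert "$demo/root.pem" "$demo/subca.pem" "$demo/fw.csr"
check_signing_cert "$demo/root.pem" "$demo/leaf.pem" "$demo/fw.csr" || true
```

With real files, pass the exported root CA certificate, the certificate returned by the CA and the CSR downloaded from the FortiGate; a non-zero return identifies which check failed.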
jasonsig
New Contributor

Great. Would you have any instructions?

jason
Bromont_FTNT
Staff

Here's a link to some instructions on getting certificate services and web enrolment installed. https://stuff.purdon.ca/?page_id=163
pcraponi
Contributor II

http://docs-legacy.fortinet.com/fgt/sysadmin/fortios_certificate_management.pdf

Regards, Paulo Raponi