Pikok
New Contributor

Migrate Fortinet_CA_SSL from old Fortigate to a new one

Hello

What steps to take to transfer Fortinet_CA_SSL (used in deep inspection) from one FortiGate to another?

The FortiGate was replaced with a new one and was configured from scratch.


The Fortinet_CA_SSL certificate is installed on end computers
(so that there are no problems with the certificate in deep inspection)

 

I do not want to install the certificate from the new FortiGate on computers,
only to transfer the deep inspection from the old FortiGate.

pminarik
Staff

Hi,

If the old FortiGate is still up, you can grab the old CA certificate snippet from CLI: show full vpn certificate local Fortinet_CA_SSL

If not, grab the same object from its configuration backup (config vpn certificate local -> edit "Fortinet_CA_SSL" ...).

 

Then paste the entire config snippet into the CLI of your new FortiGate (including the encrypted private-key, password, and certificate fields). Note: I am not sure if the default CA is modifiable. If it is not, you may need to paste the old CA in with a different name (e.g. "Fortinet_CA_SSL_old") to avoid the name conflict. Afterwards you will need to edit your SSL inspection profiles and set them to use the old CA certificate.

[ corrections always welcome ]
Pikok
New Contributor

Replacing the certificate doesn't work but adding it with a different name did the trick

Thank you for your help
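
Added example (not part of the original posts and not Fortinet code): a Python check that the CA pasted under the new name carries the same certificate the endpoints already trust, by comparing SHA-256 fingerprints pulled from the two config snippets. The snippet layout, the filler base64 body and the helper names are constructed for illustration; real input would be the `show full vpn certificate local` output or backup text from each unit.

```python
import base64
import hashlib
import re

# Constructed sample in the shape of a `config vpn certificate local` entry.
# The base64 body is filler (not a real certificate) and the password and
# private-key fields are elided placeholders.
OLD_BACKUP = '''config vpn certificate local
    edit "Fortinet_CA_SSL"
        set password ENC <elided>
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
<elided>
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLUNBLUNFUlRJRklDQVRFLUJZVEVT
-----END CERTIFICATE-----"
    next
end
'''
# The same entry as it would appear on the new unit after pasting it renamed.
NEW_SHOW = OLD_BACKUP.replace('"Fortinet_CA_SSL"', '"Fortinet_CA_SSL_old"')

ENTRY = re.compile(r'^\s*edit\s+"([^"]+)"(.*?)^\s*next\s*$', re.S | re.M)
CERT = re.compile(
    r'set certificate "-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"',
    re.S,
)


def cert_fingerprints(config_text):
    """Map each entry name to the SHA-256 hex digest of its certificate's DER bytes."""
    out = {}
    for name, body in ENTRY.findall(config_text):
        m = CERT.search(body)
        if m:  # entries without a certificate field are skipped
            der = base64.b64decode("".join(m.group(1).split()))
            out[name] = hashlib.sha256(der).hexdigest()
    return out


def same_ca(old_text, old_name, new_text, new_name):
    """True only if both entries exist and hold the identical certificate."""
    old_fp = cert_fingerprints(old_text).get(old_name)
    new_fp = cert_fingerprints(new_text).get(new_name)
    return old_fp is not None and old_fp == new_fp


if __name__ == "__main__":
    print(cert_fingerprints(NEW_SHOW))
    print(same_ca(OLD_BACKUP, "Fortinet_CA_SSL", NEW_SHOW, "Fortinet_CA_SSL_old"))
```

The digest can also be compared with the SHA-256 thumbprint of the CA in an endpoint's trust store. A match confirms the certificate only, not that the private key imported correctly.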
