Migrate Fortinet_CA_SSL from old Fortigate to a new one
Hello
What steps to take to transfer Fortinet_CA_SSL (used in deep inspection) from one FortiGate to another?
The FortiGate was replaced with a new one and was configured from scratch.
The Fortinet_CA_SSL certificate is installed on end computers
(so that there are no problems with the certificate in deep inspection)
I do not want to install the certificate from the new Fortigate on computers,
only to transfer the deep inspection from the old FortiGate.
Hi,
If the old FortiGate is still up, you can grab the old CA certificate snippet from CLI: show full vpn certificate local Fortinet_CA_SSL
If not, grab the same object from its configuration backup (config vpn certificate local -> edit "Fortinet_CA_SSL" ...).
Then paste the entire config snippet into the CLI of your new FortiGate (including the encrypted private-key, password, and certificate fields). Note: I am not sure if the default CA is modifiable. If it is not, you may need to paste the old CA in with a different name (e.g. "Fortinet_CA_SSL_old") to avoid the name conflict. Afterwards you will need to edit your SSL inspection profiles and set them to use the old CA certificate.
Replacing the certificate doesn't work but adding it with a different name did the trick
Thank you for your help
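
The procedure from this thread laid out as a FortiOS CLI sketch, added here as an example and not posted by either participant. The name "Fortinet_CA_SSL_old" is the one suggested in the reply; the profile name "custom-deep-inspection" and the angle-bracket values are placeholders for your own profile and for the fields copied from the old unit.

```fortios
# 1. On the old FortiGate (or read the same object from its configuration backup):
show full vpn certificate local Fortinet_CA_SSL

# 2. On the new FortiGate: paste the copied object under a different name,
#    keeping the password, private-key and certificate fields exactly as exported.
config vpn certificate local
    edit "Fortinet_CA_SSL_old"
        set password ENC <password value copied from the old config>
        set private-key "<encrypted private key block copied from the old config>"
        set certificate "<certificate block copied from the old config>"
    next
end

# 3. Point each SSL inspection profile that does deep inspection at the imported CA.
#    "custom-deep-inspection" is a placeholder profile name.
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set caname "Fortinet_CA_SSL_old"
    next
end
```

The copied object contains the CA private key that every client already trusts, so treat the backup file and any terminal log holding it as secret material.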
