[from Fortinet ticket]
Actually the CLI commands got changed here, the command structure got amended.
The command " execute vpn certificate key export" was available under version 2.8, it’s not available now. The present commands are as below:
FGT1K-1 # execute vpn certificate
ca ca
crl crl
local local
remote remote
Exporting the PKCS 12 with key is not possible through cli. You can edit the certificate as follows:
#config vpn certificate local
#edit <certificate>
#show full-configuration
Now you can get the certificate exhibited with private and public keys. You can reset the password as below:
#unset password
#set password <password>
Copy the part of private key - paste in a text file - give a name with .key
Copy the part of public key - paste in a text file - give a name
You will be having the password anyhow.
The command changed as below:
# execute vpn certificate local export tftp <certificate on FGT> <certificate> <tftp server ip>
Parameter " key" is not available now.