export certificate CLI - [with SOLUTION]
Document: FortiGate_Certificate_Management_User_Guide_01-30005-0182-20071005 (last updated with 3.0 MR5 sometime 2007)
Explains that this CLI should be used: execute vpn certificate key export <cert_name> <exp_filename> <tftp_ip> <password>
But on my 3.0 MR7 Patch 2 I can only do: execute vpn certificate local export tftp <local_cert_name> <output_pkcs12_cert_name> <tftp_ip>
Meaning I'm not able to define a password, and then importing the cert in another FTG (4.0 MR2) (without password) returns that the certificate is invalid.
GUI tells me: Failed to import pkcs12 file.
CLI tells me: Checking local certificate: failed. Command fail. Return code 1
What am I missing?
1 REPLY
[from Fortinet ticket]
Actually the CLI commands got changed here, the command structure got amended.
The command "execute vpn certificate key export" was available under version 2.8, it’s not available now. The present commands are as below:
FGT1K-1 # execute vpn certificate
ca ca
crl crl
local local
remote remote
Exporting the PKCS 12 with key is not possible through the CLI. You can edit the certificate as follows:
#config vpn certificate local
#edit <certificate>
#show full-configuration
Now you can get the certificate exhibited with private and public keys. You can reset the password as below:
#unset password
#set password <password>
Copy the part of private key - paste in a text file - give a name with .key
Copy the part of public key - paste in a text file - give a name
You will be having the password anyhow.
The command changed as below:
# execute vpn certificate local export tftp <certificate on FGT> <certificate> <tftp server ip>
Parameter "key" is not available now.
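Once the private key and certificate blocks from `show full-configuration` have been saved as text files as the reply describes, one way to confirm on a workstation that they belong together and to bundle them into a password-protected PKCS#12 file. This is an added example, not part of the original thread or of Fortinet's reply; it assumes OpenSSL is installed and both files are PEM text, and the function names and the `KEY_PASS` / `P12_PASS` variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: OpenSSL is available and
# the key and certificate were pasted into PEM text files.
# KEY_PASS = password set on the FortiGate with "set password <password>"
# P12_PASS = password that will protect the new PKCS#12 bundle
# Both are read from the environment so they never appear in argv.

# key_matches_cert <key.pem> <cert.pem>
# Succeeds only if the key decrypts with KEY_PASS and its public half is
# identical to the public key inside the certificate.
key_matches_cert() (
    k=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

# make_p12 <key.pem> <cert.pem> <out.p12>
make_p12() {
    # Refuse to write a bundle that is not protected by a password.
    if [ -z "${P12_PASS:-}" ]; then
        echo "P12_PASS is empty: refusing to write an unprotected bundle" >&2
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "key/certificate mismatch, or KEY_PASS is wrong" >&2
        return 1
    fi
    # umask keeps the bundle readable by the current user only.
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
          -passin env:KEY_PASS -passout env:P12_PASS ) || return 1
    # Re-open the result with P12_PASS to prove it is intact and decrypts.
    openssl pkcs12 -in "$3" -passin env:P12_PASS -noout
}

# Stand-alone use: KEY_PASS=... P12_PASS=... ./script key.pem cert.pem out.p12
if [ "$#" -eq 3 ]; then
    make_p12 "$1" "$2" "$3"
fi
```

OpenSSL 3 writes PKCS#12 files with newer encryption algorithms by default; if an older device rejects the bundle, the `-legacy` option of `openssl pkcs12 -export` selects the older ones.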
