Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
martyyy
New Contributor III

"Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert."

SSL_VPN/Https/SAMP SP signing Certificate is about to expire. I have been able to import it in our other firewall  1 via the GUI after changing private key format to UTF-8 but I have a difficulty on the other firewall 2 that Im unable to import the certificate and getting this error "Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert."

 

- 2 FGVM 

-FOS 7.0.14

 

 

Thank you!

4 REPLIES 4
rtanagras
Staff
Staff

Hi @martyyy - Are you using signed certificate from the vendor? If so, you can ask them to provide the .pfx file and upload it on FortiGate System>Certificates>Create/Import>Certificate>Import Certificate>Choose PKCS#12 Certificate>Upload.

Best,
Ricky
tpatel

Hi, If expire certificate is not delete from foritgate and you have update it through cli without generating CSR.

Please click on below link and reference document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-update-a-local-certificate-installe...

Toshi_Esumi
SuperUser
SuperUser

We get an updated cert in PEM format(*.crt) every year. So simply follow the KB to create a new one with slightly different name like "xxxx-2024".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-a-new-local-certificate-afte...

Toshi

martyyy
New Contributor III

Hi @rtanagras  @Toshi_Esumi ,

 

Thank you guys for your insights. I managed to import the certificate after rebooting the firewall.

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors