Hi all,
I am trying to get a certificate password from my FortiGate unit. Does anyone know how to decrypt that stored password?
The command I used:
sh vpn certificate local
My certificate password is in that output.
Hi abdulrazak,
As you might have realized, each time you save a config backup, those passwords (set secret ..) change their strings.
That's because they are salted and then encrypted, to protect them against exactly what you are trying to achieve: clear-text password retrieval from the encrypted form.
AFAIK it should not be possible.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
You need to 1) record the private-key passphrase, 2) store it in a secure spot.
You will not be able to retrieve any password/secret/passphrase from a FGT.con file.
ken
PCNSE
NSE
StrongSwan
Thanks,
What if I create a CSR on my FortiGate device and have it CA-signed, so that I can use it as a trusted certificate? In that case I additionally need the private key and password to add this certificate to another unit; how will I get this password? I have to use this certificate for SSL inspection. If I add it on the same device on which I created the CSR, it is added as a local certificate, but the SSL inspection drop-down menu only has local CA certificates. So I need to add this certificate as a local CA certificate. Kindly suggest a solution.
You can't craft a CSR with a certificate "CA sign". Don't you have a local CA (MS Enterprise, for example), and can you sign a CSR and ensure the usage as CA:TRUE?
If yes, then you import that certificate into the FortiGate and trust it with your web clients.
Do a Google search for FortiGate cookbook and SSL inspection. They have a few documents out that explain this.
PCNSE
NSE
StrongSwan
Old post I know, but I will add to this as I struggled to work out why the certificate wasn't "visible" in the dropdown box for the SSL VPN settings, and couldn't find much on the web on how to migrate...
So if you are doing a FortiGate migration and the old FortiGate has a certificate that was generated on the firewall itself, then, as others have mentioned, the passphrase is generated by the FortiGate (and therefore unknown), so you cannot just download the cert and import it into the new FortiGate. You have 2 options.
1. Try to unset the password, see this link https://stuff.purdon.ca/?page_id=233
2. If the above doesn't work (supposedly it doesn't for certain firmware versions, as it didn't work for me with an older firmware revision), migrate portions of the configuration over, including the private key and encryption password. To do so, view the configuration from the CLI, highlight and copy the private key and cert from the configuration under:
config vpn certificate local
E.g.: copy out the parts between edit "My Cert" and -- END CERTIFICATE --, then back up the config on your new firewall, paste the copied portion of configuration into the same section, save, then restore that config back into the new firewall. Don't forget to import the corresponding CA certificate too.
Cheers
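The copy-and-paste step from option 2 above, done on the two backup files instead of by hand, as an added example (not Fortinet tooling and not code from anyone in this thread). It pulls the `edit "<name>"` ... `next` block out of `config vpn certificate local` in the old backup, checks that the block actually carries a private key, its ENC password and the certificate (an entry without them cannot be moved this way), and splices it into the same section of the new backup, refusing to create a duplicate entry. The ENC value is carried over untouched; nothing here decrypts it. The two sample backups, their hostnames, the ENC blob and the PEM bodies are constructed placeholders, not real configuration or key material.

```python
"""Move one local-certificate entry between FortiGate configuration backups.

Added example, not Fortinet tooling. The config syntax handled here is the
one seen in backups: config / edit / set / next / end, with PEM values that
span several lines inside double quotes. Sample backups are constructed;
the ENC blob and PEM bodies are placeholders, not real key material.
"""
import re

SECTION_HEADER = "config vpn certificate local"

# An entry that is to be reused on another unit needs all three of these.
REQUIRED_SETTINGS = ("set password ENC", "set private-key", "set certificate")

_UNESCAPED_QUOTE = re.compile(r'(?<!\\)"')

# Constructed sample: the old unit's backup, with the self-generated cert.
OLD_CONFIG = """\
config system global
    set hostname "old-fgt"
end
config vpn certificate local
    edit "Fortinet_Factory"
        set certificate "-----BEGIN CERTIFICATE-----
MIIB...factory-placeholder...
-----END CERTIFICATE-----"
    next
    edit "My Cert"
        set password ENC placeholder-not-a-real-enc-blob==
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE...placeholder-not-a-real-key...
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
MIID...placeholder-not-a-real-cert...
-----END CERTIFICATE-----"
    next
end
config vpn ssl settings
    set servercert "My Cert"
end
"""

# Constructed sample: the new unit's backup before the entry is added.
NEW_CONFIG = """\
config system global
    set hostname "new-fgt"
end
config vpn certificate local
    edit "Fortinet_Factory"
        set certificate "-----BEGIN CERTIFICATE-----
MIIB...factory-placeholder...
-----END CERTIFICATE-----"
    next
end
"""


def _quote_toggles(line):
    """True if this line opens or closes a multi-line quoted value."""
    return len(_UNESCAPED_QUOTE.findall(line)) % 2 == 1


def _walk_section(lines):
    """Yield (index, stripped_line, depth) for lines inside the local-cert
    section, skipping lines that sit inside a quoted PEM body. depth is 1
    directly under the section header; the section's closing 'end' is
    yielded with depth 0."""
    in_quote, in_section, depth = False, False, 0
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not in_quote:
            if not in_section:
                if stripped == SECTION_HEADER:
                    in_section, depth = True, 1
            else:
                if stripped.startswith("config "):
                    depth += 1
                elif stripped == "end":
                    depth -= 1
                yield i, stripped, depth
                if depth == 0:
                    return
        if _quote_toggles(line):
            in_quote = not in_quote


def extract_local_cert(config_text, name):
    """Return the edit "<name>" ... next block, exactly as it should be
    pasted into the other backup (key, ENC password and cert included)."""
    lines = config_text.splitlines()
    start = None
    for i, stripped, depth in _walk_section(lines):
        if depth == 1 and stripped == f'edit "{name}"':
            start = i
        elif start is not None and depth == 1 and stripped == "next":
            return "\n".join(lines[start:i + 1])
    raise KeyError(f"no entry {name!r} under {SECTION_HEADER}")


def missing_settings(stanza):
    """Required settings absent from a stanza; a non-empty result means the
    entry carries no reusable key and cannot be migrated this way."""
    found = [l.strip() for l in stanza.splitlines()]
    return [s for s in REQUIRED_SETTINGS
            if not any(l.startswith(s) for l in found)]


def insert_local_cert(target_text, stanza):
    """Splice the stanza into the target backup's local-cert section, before
    its closing 'end'. Refuses a duplicate name; a backup with no such
    section gets one appended."""
    m = re.match(r'\s*edit "([^"]+)"', stanza)
    if not m:
        raise ValueError("stanza must start with an edit line")
    name = m.group(1)
    lines = target_text.splitlines()
    section_end = None
    for i, stripped, depth in _walk_section(lines):
        if depth == 1 and stripped == f'edit "{name}"':
            raise ValueError(f"target already has an entry named {name!r}")
        if depth == 0 and stripped == "end":
            section_end = i
    if section_end is None:
        return target_text.rstrip("\n") + f"\n{SECTION_HEADER}\n{stanza}\nend\n"
    merged = lines[:section_end] + stanza.splitlines() + lines[section_end:]
    return "\n".join(merged) + "\n"


if __name__ == "__main__":
    block = extract_local_cert(OLD_CONFIG, "My Cert")
    if missing_settings(block):
        raise SystemExit(f"entry is not portable, missing {missing_settings(block)}")
    print(insert_local_cert(NEW_CONFIG, block))
```

The quote tracking is the part that matters: the PEM bodies are quoted values spanning many lines, so a naive line-by-line search for `next` or `end` inside the certificate text would cut a stanza short. Everything the post says still applies afterwards: restore the merged backup on the new unit and import the corresponding CA certificate separately.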
Copyright 2024 Fortinet, Inc. All Rights Reserved.