FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Vbharath_FTNT

Description

This article explains how to update a certificate that is already installed on a FortiGate unit without the need to generate a new CSR first.  This is typically done when the certificate currently installed on the FortiGate has expired.


Scope

This technical note only applies when the CA renews the certificate using the same public/private key pair as the original certificate.


Solution

This procedure can only be done through the command line interface (CLI) of the FortiGate.

1) Open the renewed certificate (provided by the CA) in text editor and copy the content.
 
Note that regardless of certificate's file extension, the certificate must be PEM encoded, not DER encoded. If it is DER encoded, you will not see the words "BEGIN CERTIFICATE" or "END CERTIFICATE".


vbharat_FD35074_tn_viswa_1.jpg


2) Connect to the FortiGate unit via SSH to import the new signed certificate

# config vpn certificate local
# edit [certificate name]
# set certificate “paste the certificate content between double quotes”
# end

For example:

# config vpn certificate local
# edit fgt
# set certificate "-----BEGIN CERTIFICATE-----
> mPjDQDYkYHKcTrGa6aH7e1w1uM7kdaBAjyAgM7xcmuTrsCeLYfd+BwIDAQABo4ID
> TDCCA0gwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGCNxUIorRWhO7dYIKtkziB9KY0
-----END CERTIFICATE-----"
# end


3) To make the renewed certificate effective, unset and set the certificate

• For Admin HTTPS server certificate

# config system global
# unset admin-server-cert
# end

# config sys global
# set admin-server-cert [name] >> select the certificated used for admin HTTPS access.
# end

Similar steps can be followed for certificates used for SSLVPN

# config vpn ssl setting
# set servercert [certificate name]
# end


4) Verify the renewed certificate


vbharat_FD35074_tn_viswa_2.jpg



 

 

Contributors