FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
kmak
Staff
Staff
Article Id 255706
Description This article describes how to export the unencrypted private key and certificate installed in FortiWeb.
Scope FortiWeb.
Solution

Prerequisites:

  • SSH CLI access is enabled in FortiWeb.
  • Account has the privilege to enable backend-shell access in FortiWeb.
  • Backend Shell access is no longer available for v7.4.1 or higher, meaning the method is not applicable for FortiWeb firmware version v7.4.1 or above.

 

  1. Log in to the FortiWeb GUI and check for the certificate name.   

         

kmak_0-1683513976305.jpeg

 

  1. Log in to the FortiWeb SSH CLI and enable the backend shell access and user.

 

kmak_1-1683513976307.jpeg

 

  1. Open a new FortiWeb SSH CLI console and login using the backend shell username and password.

 

kmak_2-1683513976308.jpeg

 

  1. In the backend shell console, access the directory of where the SSL certificate is stored (/data/etc/cert/local/root).

 

kmak_3-1683513976310.jpeg

 

  1. Use commands like 'cat' or 'vi' to print or open the private key and certificate files.
  • Private key example:

 

kmak_4-1683513976319.jpeg

 

  • Certificate example:

 

kmak_5-1683513976327.jpeg

 

  1. Copy and paste the key and certificate into two separate files with proper naming conventions and valid file extensions.
  • Private key example:

 

kmak_6-1683513976334.jpeg

 

  • Certificate example:

 

kmak_7-1683513976340.jpeg

 

Related document:

Secure connections (SSL/TLS).