Downloading the certificate request, Importing the signed local certificate – Fortinet FortiGate 4000 User Manual


Fortinet Inc.

Managing digital certificates

IPSec VPN

Downloading the certificate request

Use the following procedure to download a certificate request from the FortiGate unit
to the management computer.

To download the certificate request

1. Go to VPN > Certificates > Local Certificates.
2. Select Download to download the local certificate to the management computer.
3. Select Save.
4. Name the file and save it in a directory on the management computer.

After downloading the certificate request, you can submit it to your CA so that your
CA can sign the certificate.

Importing the signed local certificate

With this procedure, you import the signed local certificate from the management
computer to the FortiGate unit.

To import the signed local certificate

1. Go to VPN > Certificates > Local Certificates.
2. Select Import.
3. Enter the path or browse to locate the signed local certificate on the management computer.
4. Select OK.

The signed local certificate is displayed on the Local Certificates list with a status of
OK.
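
Between the two procedures above, it is worth confirming on the management computer that the file returned by the CA was issued for the request you downloaded. The following is an added example, not part of the Fortinet manual: it assumes OpenSSL is installed and that both files are PEM-encoded, and the function names, file names and throwaway demo CA are hypothetical.

```bash
#!/bin/sh
# Added example: check that a CA-signed certificate carries the same public key
# as the downloaded certificate request before importing it. PEM input assumed.

# Print the SHA-256 digest of the public key in a CSR ("req") or certificate ("x509").
pubkey_digest() {
    kind=$1 file=$2
    openssl "$kind" -in "$file" -noout -pubkey 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if the CSR's self-signature verifies and the certificate holds
# the same public key. Return 2 if the CSR itself is unreadable or invalid.
csr_matches_cert() {
    csr=$1 cert=$2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 2
    want=$(pubkey_digest req "$csr")
    got=$(pubkey_digest x509 "$cert")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample input: a throwaway CA signs one CSR, and an unrelated
# certificate stands in for "the wrong file". None of this comes from a FortiGate.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-gateway" \
        -keyout "$d/unit.key" -out "$d/unit.csr" 2>/dev/null
    openssl x509 -req -in "$d/unit.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/unit.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=other" -days 1 \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
}

# Demo run against the constructed files.
tmp=$(mktemp -d) && make_demo_files "$tmp"
csr_matches_cert "$tmp/unit.csr" "$tmp/unit.crt" && echo "match: safe to import"
csr_matches_cert "$tmp/unit.csr" "$tmp/other.crt" || echo "mismatch: do not import"
rm -rf "$tmp"
```

A mismatch means the certificate was issued for a different key pair, so it cannot be used with the private key that generated the request.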

Backing up and restoring the local certificate and private key

When you back up a FortiGate configuration that includes IPSec VPN tunnels using
certificates, you must also back up the local certificate and private key in a
password-protected PKCS12 file. Before restoring the configuration, you must import the
PKCS12 file and set the local certificate name to the same name that was used in the
original configuration.

Public Key Cryptography Standard 12 (PKCS12) describes the syntax for securely
exchanging personal information.

Note: Use the execute vpn certificates key CLI command to back up and restore the
local certificate and private key. For more information, see the FortiGate CLI Reference Guide.
