Certificate templates
The certificate templates menu allows you to create CA certificate templates, add devices to them, and then generate certificates for selected devices. Once the CA certificates have been generated and signed, they can be installed using the install wizard.
The following information is displayed:
Device Name | The device name is displayed. |
Certificate Status | The certificate status is displayed. |
The following options are available:
Certificate
Add Device | Select to add a device. Select OK to save the setting. |
Delete Device | Select an entry, right-click, and select Delete Device from the menu. A confirmation dialog box is displayed. Select OK to proceed with the delete action. |
Generate | Select to generate the certificate request. |
Create New | Select to create a new certificate. |
Edit | Select a certificate template, right-click and select Edit to edit the selected certificate. |
Delete | Select a certificate template, right-click and select Delete to delete the selected certificate. Select OK in the confirmation dialog box to complete the delete action. |
To create a new certificate template:
- In the Provisioning Templates tree menu, right-click on Certificate Templates and select Create New from the pop-up menu. The New Certificate dialog box opens.
- Enter the following information:
Certificate Name | Type a name for the certificate. |
Optional Information | Optionally, type the organization unit, organization, locality (city), province or state, country or region, and email address. |
Key Type | RSA is the default key type. This field cannot be edited. |
Key Size | Select the key size from the drop-down list. The available key sizes are: 512 Bit, 1024 Bit, 1536 Bit, and 2048 Bit. |
Online SCEP Enrollment |
CA Server URL | Type the CA server URL. |
Challenge Password | Type the challenge password for the CA server. |
- Select OK to create the certificate.
To edit a certificate:
- Right-click on the certificate name in the tree menu and select Edit from the pop-up menu.
- Edit the settings as required in the Edit Certificate window, then select OK to apply the changes.
To delete a certificate:
- Right-click on the certificate name in the tree menu and select Delete from the pop-up menu.
- Select OK in the confirmation dialog box to delete the certificate.
To add a device to a certificate template:
- In the tree menu, select the certificate template to which you are adding devices.
- In the content pane, select Add Device from the toolbar. The Add Device dialog box opens.
- Add devices from the drop-down list, then select OK to add the devices.
To generate certificates:
Do one of the following:
- Select one or more devices from the list of devices added to the certificate template, and then select Generate from the toolbar.
- Right-click on a device from the list and select Generate from the pop-up menu.
- Confirm the certificate generation in the confirmation dialog box to generate the certificate.
If certificate generation fails, you can attempt to generate the certificate again.
If the certificate name already exists on the FortiGate unit, the certificate is overwritten each time Generate is selected. This allows certificates to be updated more easily (for instance, if a certificate has expired or is about to expire) without affecting any existing VPN configurations that are using the certificate.
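The following shell check is an added example, not part of the original documentation or of any Fortinet tooling: it uses the openssl command line to decide whether an exported PEM certificate should be regenerated because it is close to expiry or was issued with one of the smaller key sizes listed above. The 2048-bit minimum, the 30-day renewal window, the function names, and the sample subject values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that should be regenerated.
MIN_BITS=2048     # assumed policy minimum for RSA keys
RENEW_DAYS=30     # assumed renewal window in days

# Print the RSA key size in bits of a PEM certificate (empty if unreadable).
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Print one verdict for a PEM certificate: unreadable, weak-key, expiring, ok.
cert_verdict() {
    pem=$1
    days=${2:-$RENEW_DAYS}
    bits=$(cert_bits "$pem")
    if [ -z "$bits" ]; then
        echo unreadable
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo weak-key
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((days * 86400)) >/dev/null; then
        echo expiring
    else
        echo ok
    fi
}

# Constructed sample input: throwaway self-signed certificates whose subject
# uses the same kind of fields as the template's optional information.
make_sample() {   # make_sample <bits> <valid_days> <name>
    openssl req -x509 -newkey "rsa:$1" -nodes -days "$2" \
        -subj "/C=US/ST=Example/L=Example/O=Example Org/OU=Lab/CN=$3" \
        -keyout "$tmp/$3.key" -out "$tmp/$3.pem" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample 2048 365 good   # strong key, a year of validity
make_sample 2048 10 soon    # strong key, expires inside the window
make_sample 1024 365 weak   # key below the assumed minimum
for name in good soon weak; do
    printf '%s: %s\n' "$name" "$(cert_verdict "$tmp/$name.pem")"
done
```

A certificate reported as expiring or weak-key is a candidate for the Generate action described above.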