Certificate-based authentication

Import the SSL certificate into FortiOS

To import the certificate to FortiOS- web-based manager

  1. Go to System > Certificates.
  2. Select Import > Local Certificate.
  3. Select Certificate for Type.

Fields for Certificate file, Key file, and Password are displayed.

  1. For Certificate file, enter c:\OpenSSL-Win32\bin\fgtssl.crt.
  2. For Key file, enter c:\OpenSSL-Win32\bin\fgtssl.key.
  3. For Password, enter the PEM Pass Phrase you entered, such as fortinet.
  4. Select OK.

The SSL certificate you just uploaded can be found under System > Certificates under the name of the file you uploaded — fgtssl.

Example — Generate an SSL certificate in

To confirm the certificate is uploaded properly – CLI:

config vpn certificate local edit fgtssl get

end

The get command will display all the certificate’s information. If it is not there or the information is not correct, you will need to remove the corrupted certificate (if it is there) and upload it again from your PC.

To use the new SSL certificate – CLI

config vpn ssl settings set servercert fgtssl

end

This assigns the fgtssl certificate as the SSL server certificate. For more information see the FortiOS Handbook SSL VPN guide.

 

This entry was posted in FortiGate, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.