Managing X.509 certificates
Managing security certificates is required due to the number of steps involved in both having a certificate request signed, and then distributing the correct files for use.
You use the FortiGate unit or CA software such as OpenSSL to generate a certificate request. That request is a text file that you send to the CA for verification, or alternately you use CA software to self-validate. Once validated, the certificate file is generated and must be imported to the FortiGate unit before it can be used. These steps are explained in more detail later in this section.
This section provides procedures for generating certificate requests, installing signed server certificates, and importing CA root certificates and CRLs to the FortiGate unit.
Managing X.509
For information about how to install root certificates, CRLs, and personal or group certificates on a remote client browser, refer to your browser’s documentation.
This section includes:
- Generating a certificate signing request
- Generating certificates with CA software
- Obtaining and installing a signed server certificate from an external CA
- Installing a CA root certificate and CRL to authenticate remote clients
- ExtendedKeyUsage for x.509 certificates