Fortinet firewall HTTPS certificate setup for VPN

From Notes_Wiki

To set up an HTTPS certificate signed by a recognized CA for VPN on a FortiGate firewall, use the following steps:

  1. Download the CA certificate along with its trust chain from the CA's website, email, etc.
    For example, if the certificate was signed by GoDaddy, open https://aboutssl.org/go-daddy-root-certificates/ and download the Go-Daddy root certificates from:
  2. Open the Fortinet firewall admin console. Go to System -> Certificates.
  3. Using Import CA, import both of the above certificates from local disk.
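  4. Convert the CA-signed certificate to CER/PEM format (---BEGIN---).
    For example, to convert a PFX file, use:
    openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
    The -nodes option writes the private key into certificate.cer unencrypted, so restrict access to that file and delete it once the import is done.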
  5. Import the CA-signed certificate using 'import local certificate'. Change the type from 'Local certificate' to 'Certificate'. Choose the same CER/PEM file for both the certificate and the key, if they are both in the same file. Enter the desired certificate name.
  6. Go to VPN -> Settings. Select the new certificate and click Apply.
  7. Open the URL using the FQDN and verify that the certificate is accepted without any issue.
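
A pre-import check for the file produced in step 4, added here as an example and not part of the original page: it confirms that the file holds a certificate and an unencrypted key, that the two belong together, and that the certificate chains to the CA file from step 1. The function names, the PFX password "example", and the generated test CA and vpn.example.test certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check the file produced by the step 4 conversion before importing it.
# check_bundle, make_sample, demo and the password "example" are hypothetical names/values.

# check_bundle BUNDLE CA_CHAIN -> prints "ok" or the first failed check.
check_bundle() {
    bundle=$1 ca=$2
    # Step 5 uses one file for both fields, so it needs a certificate and an unencrypted key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate"; return 1; }
    grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$bundle" ||
        { echo "no private key"; return 1; }
    # The key must belong to the first certificate in the file: compare public keys.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    # The certificate must chain to the CA certificates imported in step 3.
    openssl x509 -in "$bundle" | openssl verify -CAfile "$ca" >/dev/null 2>&1 ||
        { echo "chain does not verify"; return 1; }
    echo "ok"
}

# make_sample DIR: constructed inputs only (throwaway CA, server certificate, PFX).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.pem" \
        -out "$d/certificate.pfx" -passout pass:example
}

# demo: the page's conversion command (plus -passin so it does not prompt), then the check.
demo() {
    d=$(mktemp -d) && make_sample "$d" &&
    openssl pkcs12 -in "$d/certificate.pfx" -out "$d/certificate.cer" -nodes \
        -passin pass:example 2>/dev/null &&
    check_bundle "$d/certificate.cer" "$d/ca.pem"
    rc=$?; rm -rf "$d"; return $rc   # removes the unencrypted sample key as well
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to exercise it on the generated sample; for real files, call check_bundle with the converted file and a file holding the downloaded CA chain.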

