Fortinet firewall HTTPS certificate setup for VPN
From Notes_Wiki
<yambe:breadcrumb>Fortigate_firewall|Fortigate firewall</yambe:breadcrumb>
Fortinet firewall HTTPS certificate setup for VPN
To setup recognized CA based HTTPS certificate for VPN in fortigate firewall use following steps:
- Download CA certificate along with trust chain from CA website, email etc.
- For example if certificate was signed from GoDaddy then open https://aboutssl.org/go-daddy-root-certificates/ and download Go-Daddy Root certificates from:
- Open fortinet firewall admin console. Go to System-> Certificates
- Using import CA import both the above certificates from local disk
- Convert CA signed certificate to CER/PEM format (---BEGIN---)
- For example for pfx to cert convert using:
- openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
- For example for pfx to cert convert using:
- Import CA signed certificate using import local certificate. Change the type from 'Local certificate' to 'Certificate'. Choose the same CER/PEM file for both certificate and key, if they are both in the same file. Enter desired certificate name.
- Go to VPN->Settings. Select new certificate and click Apply.
- Try to open the URL with FQDN and verify that certificate is opening without any issue.
Refer: