Fortinet fortigate-200a Betriebsanweisung
VPN
Certificates
FortiGate-300A Administration Guide
01-28006-0092-20041105
273
Figure 136:Generating a certificate signing request
Installing a signed certificate
Your CA provides you with a digital certificate to install on the FortiGate unit. You must
also obtain and install the CA’s root certificate on the FortiGate unit.
also obtain and install the CA’s root certificate on the FortiGate unit.
Figure 137:Importing a signed certificate
To install a personal or site digital certificate
1
When you receive the digital certificate from the CA, save the certificate on a PC that
has local access to the FortiGate unit.
has local access to the FortiGate unit.
2
On the FortiGate unit, go to VPN > Certificates > Local Certificates.
Certificate Name Type a certificate name.
Subject
Information
Subject
Information
Enter an ID type and the related information for the FortiGate unit being
certified. You can use one of the following three ID types:
If you select Host IP, enter the IP address of the FortiGate unit being
If you select Host IP, enter the IP address of the FortiGate unit being
certified.
If you select Domain Name, enter the fully qualified domain name of the
If you select Domain Name, enter the fully qualified domain name of the
FortiGate unit being certified.
If you select E-Mail, enter the email address of the owner of the FortiGate
If you select E-Mail, enter the email address of the owner of the FortiGate
unit being certified.
Optional
Information
Information
Optionally enter information about your organization to further identify the
FortiGate unit being certified.
Key Type
Only RSA is supported.
Key Size
Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to generate but
more secure. Not all IPSec VPN products support all three key sizes.