Fortinet FortiGate 4000 Betriebsanweisung

Select Import.

Browse to the location on the local PC where the certificate has been saved and 
select the certificate.

Select OK.

After you download the root certificate of the CA, save the certificate on a PC that has 
local access to the FortiGate unit.

On the FortiGate unit, go to VPN > Certificates > CA Certificates.

Select Import.

Browse to the location on the local PC where the certificate has been saved and 
select the certificate.

Select OK.

The system assigns a unique name to each CA certificate. The names are numbered 
consecutively (CA_Cert_1, CA_Cert_2, CA_Cert_3, and so on).

When a VPN peer is configured to authenticate using digital certificates, it sends the 
Distinguished Name (DN) on its certificate to the remote peer. This DN can be used to 
deny VPN access. For example, a FortiGate unit can be configured to deny 
connections to all remote peers except the one having the specified DN. 

If the FortiGate unit participates in a gateway-to-gateway configuration and you want 
both peers to accept reciprocal connections, you must specify the DN of the FortiGate 
unit when you define the phase 1 parameters. 

Use this procedure to enhance access security if you are using digital certificates to 
authenticate peers.

Go to VPN > IPSEC > Phase 1.

Note: Consider backing up the certificate. The file is saved in as a password protected PKCS12 
(Public Key Cryptography Standard 12) file. You can use the backup if you need to restore the 
original. For more information, see