Fortinet 50A User Manual

Fortinet Inc.
Managing digital certificates
IPSec VPN
Downloading the certificate request
Use the following procedure to download a certificate request from the FortiGate unit 
to the management computer.
To download the certificate request
1. Go to VPN > Certificates > Local Certificates.
2. Select Download to download the local certificate to the management computer.
3. Select Save.
4. Name the file and save it in a directory on the management computer.
After downloading the certificate request, you can submit it to your CA so that your 
CA can sign the certificate.
Importing the signed local certificate 
With this procedure, you import the signed local certificate from the management 
computer to the FortiGate unit.
To import the signed local certificate
1. Go to VPN > Certificates > Local Certificates.
2. Select Import.
3. Enter the path or browse to locate the signed local certificate on the management computer.
4. Select OK.
The signed local certificate is displayed on the Local Certificates list with a status of 
OK.
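A check that can be run on the management computer between downloading the request and importing the signed certificate, added here as an example and not taken from the Fortinet manual. It assumes OpenSSL is installed and that the request, the signed certificate and the CA certificate are PEM files; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual): run before selecting Import.
# Assumes OpenSSL and PEM-encoded files; all names here are hypothetical.

# check_signed_cert REQUEST SIGNED_CERT CA_CERT
# Returns 0 if the certificate matches the request and the CA, otherwise:
#   2 = a file could not be parsed
#   3 = public key in the certificate differs from the one in the request
#   4 = certificate does not verify against the CA certificate
check_signed_cert() {
    req_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$req_key" ] && [ -n "$crt_key" ] || return 2

    # The private key stays on the FortiGate unit, so the certificate is only
    # usable there if it carries the public key that was in the request.
    [ "$req_key" = "$crt_key" ] || return 3

    # Signature and validity dates, checked against the CA certificate
    # that both VPN peers obtain from the same certificate authority.
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 4

    # Show what is about to be imported.
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}

# make_sample DIR NAME: constructed test material only. Creates a throwaway
# CA (NAME-ca.pem), a request (NAME.csr) and a certificate signed by that CA
# (NAME.pem) so the check can be tried without a real CA.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed CA $2" \
        -keyout "$1/$2-ca.key" -out "$1/$2-ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-$2.example" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$2-ca.pem" \
        -CAkey "$1/$2-ca.key" -CAcreateserial -days 1 \
        -out "$1/$2.pem" 2>/dev/null
}

# Usage: check_signed_cert fortigate.csr fortigate.pem ca.pem
```

A return value of 3 usually means the CA returned a certificate for a different request, and 4 means the wrong CA certificate is being used to validate it.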
Backing up and restoring the local certificate and private key
When you back up a FortiGate configuration that includes IPSec VPN tunnels using 
certificates, you must also back up the local certificate and private key in a 
password-protected PKCS12 file. Before restoring the configuration, you must import 
the PKCS12 file and set the local certificate name to the same name that was used in 
the original configuration. 
Public Key Cryptography Standard 12 (PKCS12) describes the syntax for securely 
exchanging personal information. 
Obtaining CA certificates
For the VPN peers to authenticate themselves to each other, they must both obtain a 
CA certificate from the same certificate authority. The CA certificate provides the VPN 
peers with a means to validate the digital certificates that they receive from other 
devices.
Note: Use the execute vpn certificates key CLI command to back up and restore the 
local certificate and private key. For more information, see the FortiGate CLI Reference Guide.