Managing digital certificates

IPSec VPN

 

 

Generating the certificate request

With this procedure, you generate a private and public key pair. The public key is the base component of the certificate request.

To generate the certificate request:

1. Go to VPN > Local Certificates.

2. Select Generate.

3. Enter a Certificate Name.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4. Configure the Subject Information that identifies the object being certified.

Preferably use an IP address or domain name. If this is impossible (such as with a dialup client), use an e-mail address.

Host IP

For Host IP, enter the IP address of the FortiGate unit being certified.

Domain Name

For Domain name, enter the fully qualified domain name of the FortiGate unit being certified. Do not include the protocol specification (http://) or any port number or path names.

E-Mail

For E-mail, enter the email address of the owner of the FortiGate unit being certified. Typically, e-mail addresses are entered only for clients, not gateways.

5. Configure the Optional Information to further identify the object being certified.

Organization Unit

Enter a name that identifies the department or unit within the organization that is requesting the certificate for the FortiGate unit (such as Manufacturing or MF).

Organization

Enter the legal name of the organization that is requesting the certificate for the FortiGate unit (such as Fortinet).

Locality

Enter the name of the city or town where the FortiGate unit is located (such as Vancouver).

State/Province

Enter the name of the state or province where the FortiGate unit is located (such as California or CA).

Country

Select the country where the FortiGate unit is located.

e-mail

Enter a contact e-mail address for the FortiGate unit. Typically, e-mail addresses are entered only for clients, not gateways.

6. Configure the key.

Key Type

Select RSA as the key encryption type. No other key type is supported.

Key Size

Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to generate but more secure. Not all products support all three key sizes.

7. Select OK to generate the private and public key pair and the certificate request.

The private/public key pair will be generated and the certificate request will be displayed on the Local Certificates list with a status of Pending.
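
As an added example (not part of the Fortinet manual or of the FortiGate software), the following Python script checks the values for steps 3, 4 and 6 against the rules stated above before they are entered in the form. The function names and sample values are hypothetical, and the warning that prefers 2048 Bit is an added recommendation.

```python
import contextlib
import ipaddress
import re

# Rules taken from the procedure above. All names here are hypothetical and
# are not part of any FortiGate API.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")                   # step 3
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")   # one DNS label
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+")                 # loose shape check
KEY_SIZES = (1024, 1536, 2048)                            # step 6


def classify_subject(value):
    """Return 'Host IP', 'Domain Name' or 'E-Mail', or raise ValueError."""
    with contextlib.suppress(ValueError):
        ipaddress.ip_address(value)
        return "Host IP"
    if "://" in value:
        raise ValueError("remove the protocol specification: %r" % value)
    if EMAIL_RE.fullmatch(value):
        return "E-Mail"
    if "/" in value or ":" in value:
        raise ValueError("remove the port number or path: %r" % value)
    labels = value.rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL_RE.fullmatch(l) for l in labels):
        return "Domain Name"
    raise ValueError("not an IP address, FQDN or e-mail address: %r" % value)


def check_request(name, subject, key_size):
    """Validate the form inputs; return (subject_type, warnings)."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("certificate name allows only 0-9, A-Z, a-z, - and _")
    if key_size not in KEY_SIZES:
        raise ValueError("key size must be one of %s" % (KEY_SIZES,))
    subject_type = classify_subject(subject)
    warnings = []
    if subject_type == "E-Mail":
        warnings.append("e-mail subject: typically for clients, not gateways")
    if key_size < 2048:
        # Added recommendation; the manual only says larger keys are more secure.
        warnings.append("prefer 2048 Bit where the product supports it")
    return subject_type, warnings


if __name__ == "__main__":
    for args in [("hq_gw-01", "vpn.example.com", 2048),    # constructed samples
                 ("dialup_user", "user@example.com", 1024)]:
        print(args, "->", check_request(*args))
```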

Fortinet Inc.
