Fortinet 400 220 , Generating the certificate request

220 Fortinet Inc.

Managing digital certificates IPSec VPN

Generating the certificate request

With this procedure, you generate a private and public key pair. The public key is the

base component of the certificate request.

To generate the certificate request:

1Go to VPN > Local Certificates.

2Select Generate.

3Enter a Certificate Name.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and

the special characters - and _. Other special characters and spaces are not allowed.

4Configure the Subject Information that identifies the object being certified.

Preferably use an IP address or domain name. If this is impossible (such as with a

dialup client), use an e-mail address.

5Configure the Optional Information to further identify the object being certified.

6Configure the key.

7Select OK to generate the private and public key pair and the certificate request.

The private/public key pair will be generated and the certificate request will be

displayed on the Local Certificates list with a status of Pending.

Host IP For Host IP, enter the IP address of the FortiGate unit being certified.

Domain Name For Domain name, e nter the fully qualified domain name of the FortiGate

unit being certified. Do not include the protocol specification (http://) or

any port number or path names.

E-Mail For E-mail, enter the email address of the owner of the FortiGate unit

being certified. Typically, e-mail addresses are entered only for clients, not

gateways.

Organization Unit Enter a name that identifies the department or unit within the organization

that is requesting the certificate for the FortiGate unit (such as

Manufacturing or MF).

Organization Enter the legal name of the organization that is requesting the certificate

for the FortiGate unit (such as Fortinet).

Locality Enter the name of the city or town where the FortiGate unit is located

(such as Vancouver).

State/Province Enter the name of the state or province where the FortiGate unit is located

(such as California or CA).

Country Select the country where the FortiGate unit is located.

e-mail Enter a contact e-mail address for the FortiGate unit. Typically, e-mail

addresses are entered only for clients, not gateways.

Key Type Select RSA as the key encryption type. No other key type is supported.

Key Size Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to generate

but more secure. Not all products support all three key sizes.