Fortinet 305 FortiWeb 5.0 Patch 6 Administration Guide
14.Click Next.
The File to Export step appears.
15.In File name, enter a unique file name for the certificate, then click Browse to specify the
location where you want to save the exported certificate and private key.
Use a consistent naming convention. This will minimize the likelihood that you confuse one
person’s private key with another’s, deliver it to the wrong person, and therefore need to
revoke the corresponding certificate and generate a new one.
16.Click Finish to export the certificate and private key.
The certificate and private key are exported in a single file with a .pfx file extension to the
location specified in step 15.
If the export is successful, a notice appears.
17.Click OK.
18.Securely transmit both the .pfx file and its password to the end-user, along with instructions
on how to install the certificate in his or her web browser’s trust store.
For example, you could give him or her a USB key in person and instruct the end-user to
double-click the file, or install the .pfx in a Microsoft Active Directory roaming profile. See
also “Example: Importing the personal certificate & private key to a client’s trust store on
Microsoft Windows 7” on page 307.
Only provide the client’s private key to that specific client, and transmit and store any backups
securely, just as you would for passwords. Failure to store it securely and restrict the private key
solely to its intended end-user could allow others to authenticate as that person, compromising
the security of your web sites. In the event of potential private key compromise, immediately
revoke the corresponding personal certificate. See “Revoking certificates” on page 318.