Fortinet FortiGate-800 Managing digital certificates, Obtaining a signed local certificate, 242

Managing digital certificates

Use digital certificates to make sure that both participants in an IPSec communication session are trustworthy, prior to setting up an encrypted VPN tunnel between the participants.

Fortinet uses a manual procedure to obtain certificates. This involves copying and pasting text files from your local computer to the certificate authority, and from the certificate authority to your local computer.

•Obtaining a signed local certificate

•Obtaining CA certificates

Note: Digital certificates are not required for configuring FortiGate VPNs. Digital certificates are an advanced feature provided for the convenience of system administrators. This manual assumes the user has prior knowledge of how to configure digital certificates for their implementation.

Obtaining a signed local certificate

The signed local certificate provides the FortiGate unit with a means to authenticate itself to other devices.

Note: The VPN peers must use digital certificates that adhere to the X.509 standard.

Generating the certificate request

With this procedure, you generate a private and public key pair. The public key is the base component of the certificate request.

To generate the certificate request

1Go to VPN > Certificates > Local Certificates.

2Select Generate.

3Type a Certificate Name.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4Configure the Subject Information that identifies the object being certified.

Preferably use an IP address or domain name. If this is impossible (such as with a dialup client), use an email address.

5Configure the Optional Information to further identify the object being certified.