Managing digital certificates | IPSec VPN
Downloading the certificate request
Use the following procedure to download a certificate request from the FortiGate unit to the management computer.
To download the certificate request
1. Go to VPN > Certificates > Local Certificates.
2. Select Download to download the local certificate to the management computer.
3. Select Save.
4. Name the file and save it in a directory on the management computer.
After downloading the certificate request, you can submit it to your CA so that your CA can sign the certificate.
Importing the signed local certificate
With this procedure, you import the signed local certificate from the management computer to the FortiGate unit.
To import the signed local certificate
1. Go to VPN > Certificates > Local Certificates.
2. Select Import.
3. Enter the path or browse to locate the signed local certificate on the management computer.
4. Select OK.
The signed local certificate is displayed on the Local Certificates list with a status of OK.
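A check that can be run on the management computer before the import, added here as an example and not part of the Fortinet documentation: it uses OpenSSL to confirm that the certificate returned by the CA carries the same public key as the downloaded request, since a signed certificate is only usable with the private key that produced the request. The file names, and the assumption that both files are PEM-encoded, are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes PEM-encoded files; names are placeholders.

# Print a SHA-256 digest of the public key held in a request or certificate.
# $1 = "req" (PKCS#10 request) or "x509" (certificate), $2 = file
pubkey_digest() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    # An unparsable file must never hash to a "matching" empty value.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = downloaded request, $2 = signed certificate, $3 = CA certificate (optional)
# Returns 0 = match, 1 = key mismatch, 2 = unreadable input, 3 = not issued by $3
check_signed_cert() {
    csr_fp=$(pubkey_digest req "$1") || {
        echo "cannot parse certificate request: $1" >&2; return 2; }
    crt_fp=$(pubkey_digest x509 "$2") || {
        echo "cannot parse signed certificate: $2" >&2; return 2; }

    if [ "$csr_fp" != "$crt_fp" ]; then
        echo "MISMATCH: certificate was not issued for this request" >&2
        return 1
    fi

    # Optionally confirm the certificate chains to the expected CA.
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || {
            echo "certificate does not verify against CA file: $3" >&2
            return 3; }
    fi

    # Show the fields worth reviewing by eye before importing.
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}

# Example: sh check_cert.sh fortigate.csr fortigate-signed.cer ca.cer
if [ "$#" -ge 2 ]; then
    check_signed_cert "$@"
fi
```

A nonzero exit status means the file should not be imported until the mismatch is explained.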
Backing up and restoring the local certificate and private key
When you back up a FortiGate configuration that includes IPSec VPN tunnels using certificates, you must also back up the local certificate and private key in a password-protected PKCS12 file. Before restoring the configuration, you must import the PKCS12 file and set the local certificate name to the same name that was used in the original configuration.
Public Key Cryptography Standard 12 (PKCS12) describes the syntax for securely exchanging personal information.
Note: Use the execute vpn certificates key CLI command to back up and restore the local certificate and private key. For more information, see the FortiGate CLI Reference Guide.
Fortinet Inc.