Generate a CSR and Install an SSL/TLS Certificate on Fortigate SSL VPN

Time needed: 30 minutes.

This how-to will walk you through generating a certificate signing request (CSR) and installing an SSL/TLS certificate in Fortigate SSL VPN.

1. Make sure that certificates are visible.

   By default, the Certificates option is hidden in the Fortigate GUI. To correct this, navigate to System > Feature Visibilty, make sure that Certificates is enabled, and click the Apply button.

2. Open System > Certificates.

   Navigate to System > Certificates in the menu. If Certificates is not visible, see step 1, above.

3. Click Generate.

   Click Generate to open the Generate Certificate Signing Request page.

4. Configure CSR.

   • Enter a unique name for your certificate in the Certificate Name field.
   • Next to ID Type, select Domain Name and enter the domain name that the certificate is intended to protect.
   • You can enter further information to add to your CSR under Optional Information.
   • Set Key Type to RSA or Elliptic Curve depending on the type of key desired.
   • Set the Key Size. Note that 2048 bits or higher is preferable for RSA keys.
   • Set the Enrollment Method to File Based.
   • Click the OK button.

5. Download CSR.

   The CSR will be added to the list of certificates with a status of PENDING. Select the CSR in the list and click Download to save the file.
6. Order Certificate.

   The next step is to use the CSR to order an SSL/TLS certificate from SSL.com. For full information, please read our how-to on Ordering and Retrieving SSL Certificates.

7. Download certificate.

   Open the certificate order in your SSL.com customer account and click the download link for Apache.
   

8. Unzip file.

   Unzip the downloaded zip file. You should have two .crt files: the end-entity SSL/TLS certificate and intermediate bundle (ca-bundle-client.crt).

9. Login to Fortigate and open System > Certificates.

   Login to your Fortigate and navigate to System > Certificates in the menu.

10. Import SSL/TLS certificate.

    Click Import > CA Certificate, browse to the SSL/TLS certificate, and click OK.

11. Import intermediate certificates.

    Navigate to Import > CA Certificate, browse to the intermediate certificate bundle (ca-bundle-client.crt), and click OK.

12. Configure Fortigate to use your new SSL/TLS certificate.

    Navigate to VPN > SSL > Settings, then select your SSL/TLS certificate from the Connection Settings section of the Server Certificate drop-down menu.

13. Finished!

    You have configured your Fortigate SSL VPN to use your new SSL/TLS certificate.