Home » How-Tos » Certificate Type » SSL/TLS » Generate a CSR and Install an SSL/TLS Certificate on Fortigate SSL VPN

Generate a CSR and Install an SSL/TLS Certificate on Fortigate SSL VPN

SSL Support Team
May 18, 2020
Certificate Installation, CSR Creation, Other, SSL/TLS
Fortigate, Fortinet

Time needed: 30 minutes.

This how-to will walk you through generating a certificate signing request (CSR) and installing an SSL/TLS certificate in Fortigate SSL VPN.

Make sure that certificates are visible.
By default, the Certificates option is hidden in the Fortigate GUI. To correct this, navigate to System > Feature Visibilty, make sure that Certificates is enabled, and click the Apply button.
Open System > Certificates.
Navigate to System > Certificates in the menu. If Certificates is not visible, see step 1, above.
Click Generate.
Click Generate to open the Generate Certificate Signing Request page.
Configure CSR.
• Enter a unique name for your certificate in the Certificate Name field.
• Next to ID Type, select Domain Name and enter the domain name that the certificate is intended to protect.
• You can enter further information to add to your CSR under Optional Information.
• Set Key Type to RSA or Elliptic Curve depending on the type of key desired.
• Set the Key Size. Note that 2048 bits or higher is preferable for RSA keys.
• Set the Enrollment Method to File Based.
• Click the OK button.
Download CSR.
The CSR will be added to the list of certificates with a status of PENDING. Select the CSR in the list and click Download to save the file.
Order Certificate.
The next step is to use the CSR to order an SSL/TLS certificate from SSL.com. For full information, please read our how-to on Ordering and Retrieving SSL Certificates.
Download certificate.
Open the certificate order in your SSL.com customer account and click the download link for Apache.
Unzip file.
Unzip the downloaded zip file. You should have two .crt files: the end-entity SSL/TLS certificate and intermediate bundle (ca-bundle-client.crt).
Login to Fortigate and open System > Certificates.
Login to your Fortigate and navigate to System > Certificates in the menu.
Import SSL/TLS certificate.
Click Import > CA Certificate, browse to the SSL/TLS certificate, and click OK.
Import intermediate certificates.
Navigate to Import > CA Certificate, browse to the intermediate certificate bundle (ca-bundle-client.crt), and click OK.
Configure Fortigate to use your new SSL/TLS certificate.
Navigate to VPN > SSL > Settings, then select your SSL/TLS certificate from the Connection Settings section of the Server Certificate drop-down menu.
Finished!
You have configured your Fortigate SSL VPN to use your new SSL/TLS certificate.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Name	Provider	Purpose	Expiration
Google Analytics	Google	Collect anonymous information such as the number of visitors to the site, and the most popular pages.	365 days
StatCounter Analytics	StatCounter	Collect anonymous information such as the number of visitors to the site, and the most popular pages.	365 days

SSL/TLS Certificates

Code Signing Certificates

Email, Client, and Document Signing Certificates

NAESB Certificates

Content Delivery Network (CDN)

Generate a CSR and Install an SSL/TLS Certificate on Fortigate SSL VPN

SSL Support Team

Related How Tos

Subscribe to SSL.com’s Newsletter

What is SSL/TLS?

Subscribe To SSL.com’s Newsletter

certificates

support

programs

company