Time needed: 30 minutes.
This how-to will walk you through generating a certificate signing request (CSR) and installing an SSL/TLS certificate in Fortigate SSL VPN.
- Make sure that certificates are visible.
By default, the Certificates option is hidden in the Fortigate GUI. To correct this, navigate to System > Feature Visibility, make sure that Certificates is enabled, and click the Apply button.
- Open System > Certificates.
Navigate to System > Certificates in the menu. If Certificates is not visible, see step 1, above.
- Click Generate.
Click Generate to open the Generate Certificate Signing Request page.
- Configure CSR.
• Enter a unique name for your certificate in the Certificate Name field.
• Next to ID Type, select Domain Name and enter the domain name that the certificate is intended to protect.
• You can enter further information to add to your CSR under Optional Information.
• Set Key Type to RSA or Elliptic Curve depending on the type of key desired.
• Set the Key Size. Note that 2048 bits or higher is preferable for RSA keys.
• Set the Enrollment Method to File Based.
• Click the OK button.
- Download CSR.
The CSR will be added to the list of certificates with a status of PENDING. Select the CSR in the list and click Download to save the file.
- Order Certificate.
The next step is to use the CSR to order an SSL/TLS certificate from SSL.com. For full information, please read our how-to on Ordering and Retrieving SSL Certificates.
- Download certificate.
Open the certificate order in your SSL.com customer account and click the download link for Apache.
- Unzip file.
Unzip the downloaded zip file. You should have two .crt files: the end-entity SSL/TLS certificate and intermediate bundle (ca-bundle-client.crt).
- Log in to Fortigate and open System > Certificates.
Log in to your Fortigate and navigate to System > Certificates in the menu.
- Import SSL/TLS certificate.
Click Import > CA Certificate, browse to the SSL/TLS certificate, and click OK.
- Import intermediate certificates.
Navigate to Import > CA Certificate, browse to the intermediate certificate bundle (ca-bundle-client.crt), and click OK.
- Configure Fortigate to use your new SSL/TLS certificate.
Navigate to VPN > SSL > Settings, then, in the Connection Settings section, select your SSL/TLS certificate from the Server Certificate drop-down menu.
- Finished!
You have configured your Fortigate SSL VPN to use your new SSL/TLS certificate.
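Between the "Unzip file" and "Import SSL/TLS certificate" steps, you can check offline that the end-entity certificate carries the same public key as the CSR downloaded from the Fortigate and that it covers the VPN domain. The script below is an added example, not part of the original how-to; it assumes the openssl command-line tool is installed, and the file names, the domain vpn.example.com and the self-signed certificates standing in for an issued certificate are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for an issued certificate.
# All file names and vpn.example.com are constructed sample values.

pubkey_of() {            # $1 = req | x509, $2 = PEM file
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# Succeeds only when the certificate carries the same public key as the CSR.
csr_matches_cert() {     # $1 = CSR, $2 = certificate
    local csr_key cert_key
    csr_key=$(pubkey_of req "$1") || return 2
    cert_key=$(pubkey_of x509 "$2") || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$cert_key" ]
}

# Succeeds when the certificate is valid for the given domain name.
cert_covers_host() {     # $1 = certificate, $2 = domain name
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Constructed inputs: a CSR, a certificate on the same key, and one on another key.
make_demo_files() {      # $1 = existing empty directory
    local d subj san
    d=$1; subj="/CN=vpn.example.com"; san="subjectAltName=DNS:vpn.example.com"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/a.key" \
        -subj "$subj" -out "$d/vpn.csr" 2>/dev/null &&
    openssl req -new -x509 -key "$d/a.key" -days 1 -subj "$subj" \
        -addext "$san" -out "$d/issued.crt" 2>/dev/null &&
    openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$d/b.key" -days 1 \
        -subj "$subj" -addext "$san" -out "$d/other.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
for crt in issued.crt other.crt; do
    if csr_matches_cert "$demo_dir/vpn.csr" "$demo_dir/$crt"; then
        echo "$crt: public key matches the CSR"
    else
        echo "$crt: public key does NOT match the CSR, do not import"
    fi
done
cert_covers_host "$demo_dir/issued.crt" vpn.example.com &&
    echo "issued.crt covers vpn.example.com"
rm -rf "$demo_dir"
```

To use it on real files, call `csr_matches_cert` with the CSR saved in the "Download CSR" step and the end-entity .crt file from the zip, and `cert_covers_host` with the domain name entered in the CSR.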