To generate a Certificate Signing Request (CSR) for FortiGate SSL VPN, you will need to create a key pair for your server: the public key and the private key. These two items form a digital certificate key pair and cannot be separated. The CSR, which contains the public key, is what you give to a Certificate Authority (CA) for signing; the private key remains hidden on the FortiGate system where the CSR request is made.
To generate a CSR for FortiGate SSL VPN, perform the following steps.
Step 1: Generating your CSR request:
- Open your FortiGate Management console.
- Click VPN.
- Click Certificates.
- Click Local Certificates.
- Click Generate.
- Under Generate Certificate Signing Request, specify the following information.
  - Certificate Name: A friendly name for this certificate request and private key.
  - Subject Information:
    - ID Type: From the drop-down menu, select Domain Name.
    - Domain Name: The Fully Qualified Domain Name that the certificate will be issued to and will secure. Example: www.mydomain.com
  - Optional Information:
    Note: Despite the label, this information is not optional; it must be specified in order to get a certificate from a CA.
    - Organisational Unit: The department within the organisation. Example: IT
    - Organisation: The registered organisational name the certificate belongs to.
    - Locality/City: The business's registered location (not the actual server location).
    - State/Province: The business's registered state or province (do not abbreviate).
    - Country: From the drop-down menu, select your country.
    - Email: Any.
  - Subject Alternative Name: There is no need to include other domains in this CSR; if they are needed, you will specify them during enrollment.
  - Key Type: RSA
  - Key Size: Select 2048 bits.
  - Enrollment Method: Select File Based.
- Click OK.
The CSR will be added to the certificate list with a status of PENDING.
Step 2: Retrieving your CSR request:
- In the Local Certificates page select the new pending CSR you just created.
- Select Download.
- Specify the file name and path where you want to store your CSR file.
Your CSR request has now been created. Open the file using a text editor (such as Notepad), then copy and paste its contents into the enrollment portal when enrolling for an SSL Certificate.
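Before pasting the downloaded file into the enrollment portal, you can confirm that it carries what you entered in Step 1. The script below is an added example, not part of the original instructions or of FortiGate's tooling; it assumes the openssl command-line tool is available on your workstation, and the file names, sample organisation values and the helper names check_csr and make_sample_csr are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a CSR file before pasting it into a CA portal.
# Requires the openssl CLI. File names and sample values are constructed.

# check_csr FILE FQDN: returns 0 only if every check passes.
check_csr() {
  local csr=$1 fqdn=$2 rc=0 subject cn text bits attr
  # Self-signature: shows the file is a well-formed request signed by the
  # matching private key and was not altered after download.
  if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
    echo "FAIL: not a valid CSR, or self-signature does not verify"; return 1
  fi
  subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
            | sed 's/^subject= *//')
  # Every subject field from Step 1 should be present.
  for attr in CN OU O L ST C; do
    case ",$subject" in
      *",$attr="*) ;;
      *) echo "FAIL: subject has no $attr field"; rc=1 ;;
    esac
  done
  cn=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^CN=//p')
  [ "$cn" = "$fqdn" ] || { echo "FAIL: CN '$cn' is not '$fqdn'"; rc=1; }
  # Key Type RSA and Key Size 2048, as selected in Step 1.
  text=$(openssl req -in "$csr" -noout -text)
  printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' \
    || { echo "FAIL: key type is not RSA"; rc=1; }
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] \
    || { echo "FAIL: key size ${bits:-unknown} is below 2048"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $subject, RSA $bits bit"
  return "$rc"
}

# make_sample_csr OUT SUBJ: constructed stand-in for the file downloaded in
# Step 2, made with a throwaway key (on FortiGate the key stays on the device).
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1" -subj "$2" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/vpn.csr" \
  "/C=US/ST=Florida/L=Tampa/O=Example Org/OU=IT/CN=www.mydomain.com"
check_csr "$tmp/vpn.csr" www.mydomain.com
```

To check a real request, call check_csr with the path of the file saved in Step 2 and the domain name you entered in Step 1.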
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
FortiGate Support:
For more information refer to FortiGate.
For FortiGate Server Certificate Installation click here.