Import Wildcard certificate into Fortigate 200D
I am currently trying to make my new Wildcard certificate work on my Fortigate 200D cluster. The import of the root bundle and the cert and private key is working as far as I can tell, but I still run into a problem with my certificate chain.
My firmware is: FortiOS 5.2.9
What I have done so far:
1) Created a CSR from a Windows IIS server, had a CA sign it and complete the certificate request on the IIS server.
2) Exported the cert with private key into a .pfx file.
3) Split the .pfx file into two files, cert.crt and privatekey.key
4) Imported the cert.crt and privatekey.key files into the Fortigate using GUI (Global > Certificates > Import > Local Certificate. Choose type "Certificate" and pointed at my cert.crt and privatekey.key files.
5) Imported the root bundle into the Fortigate using GUI (Global > Certificates > Import > CA Certificate. Choose "Local PC" and pointed at my root bundle .crt file.
6) The Fortigate accepts both the cert.crt/privatekey.key and the root bundle.
7) Selected the newly imported certificate for the SSL portal (Virtual Domains > root > VPN > SSL > Settings. Selected the certificate in "Server certificate"
When I browser to my ssl vpn site (https://vpn.mydomain.com)
I do see the new certificate.
But when I test using different ssl checker sites they all report about chain issues.
I followed this guide for importing the CA bundle: http://docs.fortinet.com/uploaded/files/2337/How-To-Buy-&-Import-SSL-Certificate%20-%209.pdf
I followed this guide for spliting and importing the certificate: https://stuff.purdon.ca/?page_id=83
Does anyone have any idea on how to solve the chain issues when using a public signed certificate on the Fortigates?
Thanks in advance!