FortiGate : SSL Certification Private Key Export

Author
harith7
2017/11/14 07:11:07 (permalink) 5.4

Hello everyone,

This is probably a common issue, but it's kind of urgent.

I configured a CSR from FortiGate to purchase an SSL certificate.

All good so far, I managed to install the certificate. But I want to use it on other servers, so I need the private key.

Through the CLI, I found the private key, but it's encrypted. The command "unset password" doesn't work, apparently, in FortiOS 5.4.

What are my options? Can I export the certificate/key to another FortiGate (4.0?) and try to unset the password? Any other solution?

Thanks
#1


    emnoc
    Re: FortiGate : SSL Certification Private Key Export 2017/11/14 08:59:44 (permalink)
    You need to use the show full command
     
    cli
    show full config vpn cert local
    It should show the certificate in PEM format and the KEY. Just copy out the cert+key and use openssl to check the modulus if you want to be sure it's correct.

    e.g.

    openssl x509 -in <certfile> -noout -modulus | openssl md5
    openssl rsa -in <privkeyfile> -noout -modulus | openssl md5

    You could also use sha1

    openssl x509 -in <certfile> -noout -modulus | openssl sha1
    openssl rsa -in <privkeyfile> -noout -modulus | openssl sha1

    If the values match, then the cert+key are a matching pair. If you want to build a pfx:

    openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out mynew.pfx

    ;)
     
    Ken
     
     

    #2
    harith7
    Re: FortiGate : SSL Certification Private Key Export 2017/11/14 09:09:18 (permalink)
    Thanks for your reply.

    When I show the full-conf vpn cert local, I got this (it's not the full syntax, just the preview):
     
    edit "portail alamana"
            set password ENC K1GqerTVAukDMIEgsSEYsjD59ziQU766Jue4Em9J7tVWFRh5+CbfA.....
            set comments ''
            set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
    MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIlsbBHVI02KACAggA
    MBQGCCqGSIb3DQMHBAjvMDKXJmmMEQSCBMhQ0P7hOK2McnBExDGrIJiHdBgfCa6h
    dHNKDJUeMIT9nVirYq5+56Nr64SXigPOJIaxEsOaFD05TuJouFWhtmWGqmAI8y8Y
    u1dQy9r+8+wrzJs5yrtqupuwMj9/MWtZQSdHTyoDD/DJIT7537vUXAUryZUDnpms
    VhLwrQJWixD/piKWoeDWpT6u79lHHRh8kmN3qiaEK8+cYQ15jOCi9/AmOWPAzieJ
    --More--          0MyurtJMGGjNuD+/9zkAcwKMI
     
    The private key is apparently encrypted. Will it work with OpenSSL? Even without the decrypted password?
     
    #3
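
Added example, not part of any post in this thread: the modulus comparison and PFX build from reply #2, run against a key stored as ENCRYPTED PRIVATE KEY as in post #3, which OpenSSL can read only when given the key's passphrase. The function names (make_demo, pair_status, build_pfx), the passphrases and the demo.invalid certificate are constructed for illustration, and SHA-256 stands in for the md5/sha1 digests used in the reply.

```shell
#!/usr/bin/env bash
# Added example; every key, certificate and passphrase here is a constructed throwaway.
set -e

# Self-signed RSA cert, its key as encrypted PKCS#8 ("BEGIN ENCRYPTED PRIVATE
# KEY", the header shown in post #3), plus an unrelated key for the mismatch case.
make_demo() {  # usage: make_demo <dir> <passphrase>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/plain.key" -out "$1/cert.pem" 2>/dev/null
    DEMO_PASS="$2" openssl pkcs8 -topk8 -v2 aes-256-cbc -in "$1/plain.key" \
        -out "$1/enc.key" -passout env:DEMO_PASS
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

cert_modulus() { openssl x509 -in "$1" -noout -modulus; }

# The passphrase is handed over in an environment variable so it does not
# appear in the process list the way "-passin pass:..." would.
key_modulus() {  # usage: key_modulus <keyfile> <passphrase>
    KEY_PASS="$2" openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null
}

# Prints one of: match | mismatch | key-unreadable | cert-unreadable
pair_status() {  # usage: pair_status <certfile> <keyfile> <passphrase>
    c=$(cert_modulus "$1" 2>/dev/null) || { echo cert-unreadable; return 0; }
    k=$(key_modulus "$2" "$3") || { echo key-unreadable; return 0; }
    if [ "$(printf %s "$c" | openssl sha256)" = "$(printf %s "$k" | openssl sha256)" ]
    then echo match; else echo mismatch; fi
}

# Build the PFX only when the cert and key verify as a pair.
build_pfx() {  # usage: build_pfx <cert> <key> <key-pass> <out.pfx> <pfx-pass>
    [ "$(pair_status "$1" "$2" "$3")" = match ] || return 1
    KEY_PASS="$3" PFX_PASS="$5" openssl pkcs12 -export -in "$1" -inkey "$2" \
        -passin env:KEY_PASS -out "$4" -passout env:PFX_PASS
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir" 'constructed-pass'
echo "right passphrase: $(pair_status "$demo_dir/cert.pem" "$demo_dir/enc.key" 'constructed-pass')"
echo "wrong passphrase: $(pair_status "$demo_dir/cert.pem" "$demo_dir/enc.key" 'not-the-pass')"
echo "unrelated key:    $(pair_status "$demo_dir/cert.pem" "$demo_dir/other.key" 'unused')"
rm -rf "$demo_dir"
```
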