Cannot generate PKCS#12 from within Fortigate

d4rk_sp1d3r
2018/01/17 22:51:51 (permalink)

Hi,
 
I hope you can help me with this. SSL inspection requires either PKCS#12 format or another PEM with a private key and a password. We have an internal CA in our company which generates X.509 certificates in .pem format. I cannot find any option in the Fortigate where I can create a .csr which will require you to use a private key and assign a password. Other servers use openssl to generate a private key and assign a password to create a PEM file for a CSR. I saw a tutorial on the Fortinet cookbook, http://cookbook.fortinet.com/preventing-certificate-warnings/, but it seems to require another Windows or Linux system to create the key using openssl. Should the key generation and CSR creation be done within the Fortigate? I was able to generate a .cer using our internal CA and use the cert to get the Fortigate management web page trusted by browsers. I just want to use our internal CA signed cert in certificate inspection so our browsers will not get any error. We cannot get the Fortigate certs in all browsers as we have a lot of PCs in our sites.
 
Regards,
 
Ron
#1


    dmcquade
    Re: cannot generate PKCS#12 from within Fortigate 2018/01/19 18:39:08 (permalink)
    Generate the CSR file on the firewall and have your internal PKI generate a CA cert (CA=true). Export it as a .cer file and import it into the firewall as a local certificate.
     
    HTH
    d
    #2
    Itzik Sharon
    Re: cannot generate PKCS#12 from within Fortigate 2018/01/21 10:12:36 (permalink)
    Hello, 
     
    Generating the CSR in the Fortigate means the key pair is located inside the Fortigate. You have to get the CSR and send it to the CA admin for issuing. This can be done with the certreq -submit command for a Microsoft CA. After the CA signs the CSR, the new certificate will be issued. Then you need to export it as a .cer or .der file and import it to the Fortigate. Then you can select the certificate in your SSL inspection engine.
     
    Regards,
    Itzik Sharon 
     
    #3
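
The two points made in the replies above (the issued certificate has to be a CA certificate, and the key pair stays on the device that generated the CSR) can be checked with openssl before the import. This is an added example, not part of the original thread; the file names, subject names and the throwaway root CA are constructed for the demo.

```shell
#!/bin/sh
# Added example: checks to run on a CA-issued certificate before importing it.
# File names and subject names below are constructed for the demo.

# Succeeds when the certificate carries basicConstraints CA:TRUE.
cert_is_ca() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# Succeeds when the certificate holds the same public key as the CSR, so it
# pairs with the private key that never left the device that made the CSR.
cert_matches_csr() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$csr_pub" ]
}

# Constructed inputs: a throwaway root, a CSR standing in for the one
# generated on the firewall, and three certificates to test against.
make_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Demo Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for n in device other; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  sign() { # sign <csr> <extfile> <out>
    openssl x509 -req -in "$1" -extfile "$2" -out "$3" -days 30 \
      -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial 2>/dev/null
  }
  sign "$d/device.csr" "$d/ca.ext"   "$d/issued_ca.pem"
  sign "$d/device.csr" "$d/leaf.ext" "$d/issued_leaf.pem"
  sign "$d/other.csr"  "$d/ca.ext"   "$d/other_ca.pem"
}

demo=$(mktemp -d)
make_demo "$demo"
for c in issued_ca issued_leaf other_ca; do
  cert_is_ca "$demo/$c.pem" && ca=yes || ca=no
  cert_matches_csr "$demo/$c.pem" "$demo/device.csr" && key=yes || key=no
  echo "$c.pem: CA=$ca key-matches-device-CSR=$key"
done
```

Only a certificate that passes both checks is usable for inspection: one without CA:TRUE cannot sign the re-issued server certificates, and one issued for a different key has no matching private key on the firewall.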