This article provides quick instructions on how to generate a CSR Code and install an SSL Certificate on FortiGate. In the final two sections, we’ve also included a brief history of FortiGate, as well as tips on where to buy the best SSL Certificate for FortiGate.
If you’ve already applied for your SSL Certificate and obtained the necessary SSL files, skip the CSR generation part and jump straight into the installation instructions.
Generate a CSR code on FortiGate
You can’t buy an SSL Certificate without generating a CSR code first. CSR stands for Certificate Signing Request, a block of encoded text with your contact details inside. The Certificate Authorities use the CSR code to verify your credentials before they can approve your SSL request.
Along with the CSR code, you will also create your Private Key. The CSR and Private Key form the SSL certificate key pair. To generate the CSR code on FortiGate, please follow the steps below:
- Log into your FortiGate Management Console
- Go to VPN > Certificates > Local Certificates and hit Generate
- On the Generate Certificate Request page, submit the following information that applies to you:
- Certificate Name: give a friendly name to your CSR/Private key files
- ID type: from the drop-down list choose Domain Name
- Domain Name: enter the FQDN (fully-qualified domain name) you intend to secure with an SSL Certificate. For example, yourdomain.com
Note: You must fill in the Optional Information fields to obtain a certificate from your CA
- Organizational unit: this is the department within your company responsible for the SSL Certificate. Usually, it’s IT or Web Administration
- Organization: enter the full legal name of your company. For instance, Your Company LLC
- Locality (City): specify the city where your company is officially registered
- State/Province: name the state where your company is located
- Country: select your country from the drop-down list
- Email: provide a valid email address
- SAN: you can leave this field blank. If you want to secure multiple domains, you will specify them during enrollment
- Key Type: from the drop-down list select RSA
- Key Size: from the drop-down list select 2048 bits
- Enrollment method: select the File Based option
- Verify the info you’ve just submitted and click OK
- Your CSR will be added to the certificate list with the status PENDING
- Navigate to the Local Certificates page
- Select the PENDING CSR you’ve just generated and click Download
- Save the CSR file in any directory of your choice. You can now open it with any text editor (e.g., Notepad) and copy-paste its contents, including the BEGIN and END tags during your SSL order.
Install an SSL Certificate on FortiGate
After your CA sends your signed SSL Certificate to your inbox, download the ZIP folder and extract the SSL files on your device. If you’ve generated the CSR code on FortiGate, your Private Key is already on the FortiGate server. Please, follow the steps below to install your SSL certificate:
- Prepare your primary and intermediate certificates
- Copy and paste the contents of your primary and intermediate certificates into separate Notepad files and save them with .crt extension. When copying the encrypted certificate text, don’t forget the BEGIN and END tags as well
- Log into your FortiGate dashboard
- Navigate to System > Certificates and select Import > Local Certificate
- Browse your primary certificate and click OK. The status of your certificate should change from PENDING to OK
- Next, import your intermediate certificate. Go to System > Certificates and select Import > CA Certificate
- Browse your intermediate certificate and click OK. You should see your intermediate CA in the CA Certificates list
- Now, click on VPN > SSL > Settings
- In the Connection Settings pane, under the Server Certificate drop-down menu, select the SSL certificate you’ve just installed and click Apply.
Congratulations, you’ve successfully installed an SSL certificate on FortiGate VPN system.
Test your SSL installation
After you install the SSL Certificate on FortiGate, you should run an SSL scan to look for potential errors or vulnerabilities in your configuration. For more info, check our article on the best SSL tools for testing an SSL Certificate.
Fortigate is a product of Fortinet, an American multinational corporation specializing in network security and computer security. Fortigate Firewall was first launched in 2002, with wireless access points, sandboxing, and messaging security added in the following years.
In April 2016, Fortinet began developing its Security Fabric architecture so multiple network security products could communicate as one platform.
In July 2018, the company released FortiGate SD-WAN, its proprietary SD-WAN service.
Where to buy the best SSL Certificate for FortiGate?
SSL Dragon is the only SSL vendor you’ll ever need. We’ve built strong partnerships with the best Certificate Authorities in the industry to offer you incredibly low prices across the entire range of SSL products. All our certificates are compatible with FortiGate. Below are the types of SSL certificates available at SSL Dragon:
- Domain Validation
- Business Validation
- Extended Validation
- Code Signing
- IP Address
You can find the best SSL Certificate for your project and budget with the help of our exclusive SSL tools. The SSL Wizard offers a quick and efficient way to determine the right SSL for you, while the Advanced Certificate Filter allows you to sort and compare different certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.