This article provides quick instructions on how to generate a CSR Code and install an SSL Certificate on FortiGate. In the final two sections, we’ve also included a brief history of FortiGate, as well as tips on where to buy the best SSL Certificate for FortiGate.

If you’ve already applied for your SSL Certificate and obtained the necessary SSL files, skip the CSR generation part and jump straight into the installation instructions.

Generate a CSR code on FortiGate

CSR stands for Certificate Signing Request, a block of encoded text with your contact details inside. The Certificate Authorities use the CSR code to verify your credentials before they can approve your SSL request.

Along with the CSR code, you will also create your Private Key. The CSR and Private Key form the SSL certificate key pair. To generate the CSR code on FortiGate, please follow the steps below:

  1. Log into your FortiGate Management Console
  2. Go to VPN > Certificates > Local Certificates and hit Generate
  3. On the Generate Certificate Request page, submit the following information that applies to you:
    • Certificate Name: give a friendly name to your CSR/Private key files
    • ID type: from the drop-down list choose Domain Name
    • Domain Name: enter the FQDN (fully-qualified domain name) you intend to secure with an SSL Certificate. For example,

      Note: You must fill in the Optional Information fields to obtain a certificate from your CA

    • Organizational unit: this is the department within your company responsible for the SSL Certificate. Usually, it’s IT or Web Administration
    • Organization: enter the full legal name of your company. For instance, Your Company LLC
    • Locality (City): specify the city where your company is officially registered
    • State/Province: name the state where your company is located
    • Country: select your country from the drop-down list
    • Email: provide a valid email address
    • SAN: you can leave this field blank. If you want to secure multiple domains, you will specify them during enrollment
    • Key Type: from the drop-down list select RSA
    • Key Size: from the drop-down list select 2048 bits
    • Enrollment method: select the File Based option
  4. Verify the info you’ve just submitted and click OK
  5. Your CSR will  be added to the certificate list with the status PENDING
  6. Navigate to the Local Certificates page
  7. Select the PENDING CSR you’ve just generated and click Download
  8. Save the CSR file in any directory of your choice. You can now open it with any text editor (e.g., Notepad) and copy-paste its contents, including the BEGIN and END tags during your SSL order.

Install an SSL Certificate on FortiGate

After your CA sends your signed SSL Certificate, download the ZIP folder and extract the contents on your device. If you’ve generated the CSR code on FortiGate, your Private Key is already on the FortiGate server. Please, follow the steps below to install your SSL certificate:

  1. Open your primary and intermediate certificates
  2. Copy and paste their contents into separate Notepad files and save them with .crt extension. Copy the encrypted certificate text, with the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– tags.
  3. Log into your FortiGate control panel
  4. Navigate to System > Certificates and select Import > Local Certificate
  5. Browse your primary certificate and click OK. The status of your certificate should change from PENDING to OK
  6. Next, import your intermediate certificate. Go to System > Certificates and select Import > CA Certificate
  7. Browse your intermediate certificate and click OK. You should see your intermediate CA in the CA Certificates list
  8. Now, click on VPN > SSL > Settings
  9. In the Connection Settings pane, under the Server Certificate drop-down menu, select the SSL certificate you’ve just installed and click Apply.

Congratulations, you’ve successfully installed an SSL certificate on the FortiGate VPN system.

Test your SSL installation

After you install the SSL Certificate on FortiGate, you should run an SSL scan to look for potential errors. For more info, check our article on the best SSL tools for testing an SSL Certificate.

FortiGate history

Fortigate is a product of Fortinet, an American multinational corporation specializing in network security and computer security. Fortigate Firewall was first launched in 2002, with wireless access points, sandboxing, and messaging security added in the following years.

In April 2016, Fortinet began developing its Security Fabric architecture so multiple network security products could communicate as one platform.

In July 2018, the company released FortiGate SD-WAN, its proprietary SD-WAN service.

To find the latest FortiGate releases, click here.

Where to buy the best SSL Certificate for FortiGate?

At SSL Dragon, we offer you incredibly low prices across the entire range of SSL products. All our certificates are compatible with FortiGate. Below are the types of SSL certificates available at SSL Dragon:

  • Domain Validation
  • Business Validation
  • Extended Validation
  • Wildcard
  • Multi-Domain
  • Code Signing
  • IP Address
  • Email/Documents

You can find the best SSL Certificate for your project and budget with the help of our exclusive SSL tools. The SSL Wizard recommends the best certificates for your project. And with the Advanced Certificate Filter, you can sort and compare different certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.