In this step-by-step tutorial, we will show you how to generate a CSR on FortiGate. Just follow the steps below:
Along with the CSR code, you will also create your Private Key. The CSR and Private Key form the SSL certificate key pair.
To generate the CSR code on FortiGate, please follow the steps below:
- Log into your FortiGate Management Console
- Go to VPN > Certificates > Local Certificates and hit Generate
- On the Generate Certificate Request page, submit the following information that applies to you:
- Certificate Name: give a friendly name to your CSR/Private key files
- ID type: from the drop-down list choose Domain Name
- Domain Name: enter the FQDN (fully-qualified domain name) you intend to secure with an SSL Certificate. For example, yourdomain.com
Note: You must fill in the Optional Information fields to obtain a certificate from your CA
- Organizational unit: this is the department within your company responsible for the SSL Certificate. Usually, it’s IT or Web Administration
- Organization: enter the full legal name of your company. For instance, Your Company LLC
- Locality (City): specify the city where your company is officially registered
- State/Province: name the state where your company is located
- Country: select your country from the drop-down list
- Email: provide a valid email address
- SAN: you can leave this field blank. If you want to secure multiple domains, you will specify them during enrollment
- Key Type: from the drop-down list select RSA
- Key Size: from the drop-down list select 2048 bits
- Enrollment method: select the File Based option
- Verify the info you’ve just submitted and click OK
- Your CSR will be added to the certificate list with the status PENDING
- Navigate to the Local Certificates page
- Select the PENDING CSR you’ve just generated and click Download
- Save the CSR file in any directory of your choice.
You can now open it with any text editor (e.g., Notepad) and copy-paste its contents, including the BEGIN and END tags during your SSL order.
After the CA validates your CSR, it will issue the SSL certificate via email in an archived ZIP folder. Download the folder to your computer and extract its contents. Continue with the Fortigate SSL installation.