This article provides quick instructions on how to install an SSL Certificate in FortiGate. In the final section, we’ve also included tips on where to buy the best SSL Certificate for FortiGate.
If you’ve already applied for your SSL Certificate and obtained the necessary SSL files, skip the CSR generation part and jump straight into the installation instructions.
Table of contents
- Generate a CSR code on FortiGate
- Install an SSL Certificate on FortiGate
- Test your SSL installation
- Where to buy the best SSL Certificate for FortiGate?
Generate a CSR code on FortiGate
CSR stands for Certificate Signing Request, a block of encoded text with your contact details inside. The Certificate Authorities use the CSR code to verify your credentials before they can approve your SSL request.
Along with the CSR code, you will also create your Private Key. The CSR and Private Key form the SSL certificate key pair. To generate the CSR code on FortiGate, you have two options:
- Generate the CSR automatically using our CSR Generator.
- Follow our step-by-step tutorial on how to create the CSR on FortiGate.
Install an SSL Certificate on FortiGate
After your CA sends your signed SSL Certificate, download the ZIP folder and extract the contents on your device. If you’ve generated the CSR code on FortiGate, your Private Key is already on the FortiGate server.
Please, follow the steps below to install your SSL certificate:
- Open your primary and intermediate certificates
- Copy and paste their contents into separate Notepad files and save them with .crt extension. Copy the encrypted certificate text, with the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– tags.
- Log into your FortiGate control panel
- Navigate to System > Certificates and select Import > Local Certificate
- Browse your primary certificate and click OK. The status of your certificate should change from PENDING to OK
- Next, import your intermediate certificate. Go to System > Certificates and select Import > CA Certificate
- Browse your intermediate certificate and click OK. You should see your intermediate CA in the CA Certificates list
- Now, click on VPN > SSL > Settings
- In the Connection Settings pane, under the Server Certificate drop-down menu, select the SSL certificate you’ve just installed and click Apply.
Congratulations, you’ve successfully installed an SSL certificate on the FortiGate VPN system.
Test your SSL installation
After you install the SSL Certificate on FortiGate, you should run an SSL scan to look for potential errors. For more info, check our article on the best SSL tools for testing an SSL Certificate.
Where to buy the best SSL Certificate for FortiGate?
At SSL Dragon, we offer you incredibly low prices across the entire range of SSL products. All our certificates are compatible with FortiGate. Below are the types of SSL certificates available at SSL Dragon:
You can find the best SSL Certificate for your project and budget with the help of our exclusive SSL tools. The SSL Wizard recommends the best certificates for your project. And with the Advanced Certificate Filter, you can sort and compare different certificates by price, validation, and features.
1. How do I check my FortiGate SSL certificate?
You can check your SSL certificate via the diagnose command. Once you enable this debug command, verify the certificate on FortiGate by accessing the server. If you get the “auth_cert_succeed” result, your SSL certificate is valid.
2. How do I download certificates in the FortiGate firewall?
Navigate to System Settings > Certificates > Local Certificates. Select the certificate that you want to download. Click Download in the toolbar or right-click, select Download, and save the certificate to the computer.
3. Where are Certificates in FortiGate?
Navigate to System Settings > Certificates > Local Certificates. Select the certificates you want to inspect, then click View Certificate Detail in the toolbar or right-click the menu.
4. What is FortiGate SSL?
SSL or Client VPNs enable VPN access to users without an enterprise firewall, such as remote workers and virtual assistants.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.