To use ssl/ssh deep inspection I installed downloaded certificate from Forigate (60E) on all computers. That worked fine for a while.
And now, I replaced the Fortigate unit with a new one (80F). Is there any possibility simple to copy the certificate from the my old Fortigate to the new one, so that I don't have to install the new certificate again on all computers? How to do that? Thanks!
Hi Sinisanedved,
Suppose that you had generated your CA:True certificate from your own CA and you had previously imported that into the FG-60E. And that the certificate is saved as a local certificate. You can export that certificate to a tftp server using this command:
# exec vpn certificate local export tftp SigningAuth p12 SigningAuth.p12 <tftp server IP address>
This exports the certificate and private key in .p12 format, which you can then use to import into your new FortiGate.
1. Go to System > Certificates > Create/Import > Certificate.
2. Select Import Certificate.
3. Set type to PKCS #12 Certificate.
4. Upload the previously exported file.
5. Enter the password. This would be the original password used when you exported the certificate in you CA server. You still need this to install your certificate.
6. Click Create.
If this is successful, you will end up with the same certificate imported to your Local Certificate store on the FortiGate. You can then use if in your SSL/SS profile for full deep packet inspection.
Instructions for exporting and importing certificates can be found here:
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/278904/export-a-certificate
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/907098/import-a-certificate
