Fortigate: Installing SSL Certificate for SSL-VPN Guide

INSTALLING A NEW SSL-VPN CERTIFICATE (To Renew Certificate, see separate article here)

  1. Generate a new CSR  to be signed by the CA
    • Under System -> Certificates -> GenerateCreate a new Certificate Name
      Populate OU, Organization, City, Country and Email Address
    • ssl-1
  2.  Download the .CSR file
    • Go back to Certificates page, Highlight the new Certificate Name you just created and click ‘download’
    • Send CSR to your CA  for signing and to generate Certificate file.
  3. Once cert is generated. Import the cert file.
  4. Send CSR to your CA  for signing and to generate Certificate file.
    1.  Under  Import -> Local Certificate
      ssl-2Once imported, it will show up on the list. With CN details and with status OK (not shown on screenshot)


Status OK means your cert is ready and ready to be associated to your SSL-VPN.

5. Apply the certificate to the SSL-VPN.

Go to VPN -> SSL -. Settings

Select the new certificate


And you are good to go.

TIP: Always a good practice to use FQDN rather than IP Address .

Using IP Address will return to you with this error message as the VPN is not associated with the certificate which is annoying. (unless you associate the cert with the IP Address, of course)



Coming Next: Guide on renewing SSL certficate for VPN via CLI


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s