Import Let’s Encrypt SSL Certificate to FortiGate with CLI

Leave a Comment / By /

Please refer to steps below on how to import Let’s Encrypt SSL Certificate to FortiGate with CLI

  1. Enable the Certification Tab in GUI
config system global
    set gui-certificates enable
end

You can import the PFX Certificate to FortiGate with GUI now
FortiVM-SSL-01

  1. You have to separate the PFX to privatekey.pem and publiccert.pem prior importing it to FortiGate using CLI. Do the following on Linux Machine
openssl pkcs12 -in AventisLab.pfx -nocerts -out privatekey.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:

openssl pkcs12 -in AventisLab.pfx -clcerts -nokeys -out publiccert.pem
    Enter Import Password:
    MAC verified OK
  1. Copy the content of privatekey.pem and publiccert.pem and import it to FortiGate
config vpn certificate local
    edit AventisLab.com
        set password P@ssw0rd
        set private key "-----BEGIN ENCRYPTED PRIVATE KEY-----

            -----END ENCRYPTED PRIVATE KEY----- "

        set certificate "-----BEGIN CERTIFICATE-----
            -----END CERTIFICATE-----"
end
  1. Associate the imported Let’s Encrypt SSL Certificate to Admin Portal
config system global
    set admin-server-cert AventisLab.com
end
  1. Login to https://fg60e.aventislab.com:10443 and you should see the Let’s Encrypt Certificate is in used now

FortiVM-SSL-02

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top