Import Let’s Encrypt SSL Certificate to FortiGate with CLI

Follow the steps below to import a Let’s Encrypt SSL certificate to FortiGate with the CLI.

  1. Enable the Certification Tab in GUI
config system global
    set gui-certificates enable
end 

You can now import the PFX certificate to FortiGate with the GUI.

  2. Before importing with the CLI, you have to split the PFX into privatekey.pem and publiccert.pem. Run the following on a Linux machine:
openssl pkcs12 -in AventisLab.pfx -nocerts -out privatekey.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:

openssl pkcs12 -in AventisLab.pfx -clcerts -nokeys -out publiccert.pem
    Enter Import Password:
    MAC verified OK
  3. Copy the contents of privatekey.pem and publiccert.pem and import them to FortiGate
config vpn certificate local
    edit AventisLab.com
        set password P@ssw0rd
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----

            -----END ENCRYPTED PRIVATE KEY-----"

        set certificate "-----BEGIN CERTIFICATE-----
            -----END CERTIFICATE-----"
end
  4. Associate the imported Let’s Encrypt SSL certificate with the admin portal
config system global
    set admin-server-cert AventisLab.com
end
  5. Log in to https://fg60e.aventislab.com:10443 and you should see that the Let’s Encrypt certificate is now in use
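
For the copy-and-import step above, the following added example (not part of the original post) takes the contents of privatekey.pem and publiccert.pem, keeps only the PEM blocks (`openssl pkcs12` also writes "Bag Attributes" lines before each block), and builds the `config vpn certificate local` input. It refuses an unencrypted key, a multi-certificate file or a damaged block. The function names, the sample data and the `<pem-pass-phrase>` placeholder are assumptions made for the example.

```python
import base64
import re

# Matches one armored PEM block; text outside the armor (the "Bag Attributes"
# lines that `openssl pkcs12` writes before each block) is never captured.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_block(text, label):
    """Return the single PEM block with this label, re-wrapped at 64 columns."""
    bodies = [body for found, body in PEM_RE.findall(text) if found == label]
    if len(bodies) != 1:
        raise ValueError(f"expected exactly one {label} block, found {len(bodies)}")
    b64 = "".join(bodies[0].split())
    # validate=True raises on a truncated or corrupted copy of the block
    if not base64.b64decode(b64, validate=True):
        raise ValueError(f"{label} block is empty")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])

def fortigate_stanza(name, key_pem, cert_pem, passphrase):
    """Build the `config vpn certificate local` input used in the import step."""
    key = pem_block(key_pem, "ENCRYPTED PRIVATE KEY")  # rejects an unencrypted export
    cert = pem_block(cert_pem, "CERTIFICATE")          # rejects a multi-certificate file
    return "\n".join([
        "config vpn certificate local",
        f"    edit {name}",
        f"        set password {passphrase}",
        f'        set private-key "{key}"',
        f'        set certificate "{cert}"',
        "end",
    ])

def sample_export(label, payload):
    """Constructed stand-in for openssl output: Bag Attributes, then a PEM block."""
    b64 = base64.b64encode(payload).decode()
    return ("Bag Attributes\n    friendlyName: constructed-sample\n"
            f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n")

# Constructed sample data, not a real key or certificate.
SAMPLE_KEY = sample_export("ENCRYPTED PRIVATE KEY", b"constructed, not a real key " * 4)
SAMPLE_CERT = sample_export("CERTIFICATE", b"constructed, not a real certificate " * 4)

if __name__ == "__main__":
    print(fortigate_stanza("AventisLab.com", SAMPLE_KEY, SAMPLE_CERT, "<pem-pass-phrase>"))
```

In real use, read the two files produced by the openssl commands and pass their text in place of the constructed samples.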
