Import SSL Certificate to FortiGate
Tutorial on how to import an SSL certificate to a FortiGate firewall
Import SSL Certificate to FortiGate via Web UI
Enable the certificate tab in the GUI from the CLI
config system global
set gui-certificates enable
end
Log in to the FortiGate WebUI and go to System – Certificate – Import – Local Certificate. Upload the PFX file and enter its password.
Change the HTTPS Server Certificate to the newly uploaded PFX Certificate in System – Settings
Log in to the FortiGate WebUI via https://fg60.aventislab.com:10443 to verify that the Let’s Encrypt SSL certificate is now in use.
Import SSL Certificate to FortiGate via CLI
Convert AventisLab.pfx to AventisLab.key and AventisLab.pem on a Linux machine with OpenSSL installed
# Extract the private key from the PFX (the PEM pass phrase encrypts the output key)
openssl pkcs12 -in AventisLab.pfx -nocerts -out AventisLab.key
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
# Extract the certificate from the PFX
openssl pkcs12 -in AventisLab.pfx -clcerts -nokeys -out AventisLab.pem
Enter Import Password:
Log in to the FortiGate CLI and paste the contents of AventisLab.key and AventisLab.pem. The password is the PEM pass phrase entered when extracting the private key.
config vpn certificate local
edit AventisLab.com
set password P@ssw0rd
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
<Content of AventisLab.key>
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
<Content of AventisLab.pem>
-----END CERTIFICATE-----"
end
Change the HTTPS Admin Portal to use the imported Let’s Encrypt SSL Certificate
config system global
set admin-server-cert AventisLab.com
end
Log in to the FortiGate WebUI via https://fg60.aventislab.com:10443 to verify that the Let’s Encrypt SSL certificate is now in use.
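
Before pasting the extracted files into the FortiGate CLI, it is worth confirming that the key and certificate pulled out of the PFX actually belong together. The script below is an added example, not part of the original tutorial: it performs the same two OpenSSL extractions non-interactively and compares the public keys. The file names, the PFX_PASS and KEY_PASS variables and the self-signed sample PFX are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. File names, PFX_PASS and KEY_PASS
# are assumptions; the PFX below is a constructed, self-signed sample.

# split_pfx <pfx> <key-out> <cert-out>
# Pass phrases come from the environment, not from command-line arguments.
# sed drops the "Bag Attributes" header lines, leaving only the PEM blocks.
split_pfx() (
    umask 077    # the extracted key file is readable by its owner only
    openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS -passout env:KEY_PASS \
        2>/dev/null | sed -n '/-----BEGIN/,/-----END/p' > "$2"
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS \
        2>/dev/null | sed -n '/-----BEGIN/,/-----END/p' > "$3"
    [ -s "$2" ] && [ -s "$3" ]    # fail if either extraction produced nothing
)

# pair_matches <key> <cert>: true only when both carry the same public key.
pair_matches() {
    from_key=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# --- constructed sample input: throwaway self-signed certificate in a PFX ---
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
export PFX_PASS='constructed-import-pass' KEY_PASS='constructed-pem-pass'
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=fw.example.test' \
    -keyout "$work/src.key" -out "$work/src.pem" 2>/dev/null
openssl pkcs12 -export -inkey "$work/src.key" -in "$work/src.pem" \
    -out "$work/sample.pfx" -passout env:PFX_PASS

split_pfx "$work/sample.pfx" "$work/sample.key" "$work/sample.pem"
if pair_matches "$work/sample.key" "$work/sample.pem"; then
    echo "key and certificate match"
    openssl x509 -in "$work/sample.pem" -noout -subject -enddate
else
    echo "MISMATCH: do not import" >&2
fi
```

With a real PFX, set PFX_PASS to the import password and KEY_PASS to the value later given to `set password`, then delete the extracted key file once it has been imported.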