vpn certificate local export
Use this command to export a local certificate from the FortiGate unit to a TFTP server.
Digital certificates are used to ensure that both participants in an IPSec communications session are trustworthy, prior to an encrypted VPN tunnel being set up between the participants. The local certificate is the certificate that the FortiGate unit uses to authenticate itself to other devices.
 
VPN peers must use digital certificates that adhere to the X.509 standard.
Digital certificates are not required for configuring FortiGate VPNs. Digital certificates are an advanced feature provided for the convenience of system administrators. This manual assumes the user has prior knowledge of how to configure digital certificates for their implementation.
Syntax
execute vpn certificate local export tftp <certificate-name_str> <file-name_str> <tftp_ip>
 
| Variable | Description |
| --- | --- |
| export | Export or copy the local certificate from the FortiGate unit to a file on the TFTP server. Type ? for a list of certificates. |
| <certificate-name_str> | Enter the name of the local certificate. To view a list of the local certificates, you can enter: execute vpn certificate local export tftp ? |
| <file-name_str> | Enter the file name on the TFTP server. |
| <tftp_ip> | Enter the TFTP server address. |
Example
Use the following command to export the local certificate request generated in the above example from the FortiGate unit to a TFTP server. The example uses the file name testcert for the downloaded file and the TFTP server address 192.168.21.54.
execute vpn certificate local export tftp branch_cert testcert 192.168.21.54