Exporting a client certificate
Use this procedure to export and transmit a client certificate created in “Requesting a client certificate” to the appropriate end-user.
The client certificate must reside in the certificate store of the end-user computer before the end-user can connect to the FortiMail unit using PKI authentication.
To export and transmit the client certificate
1. Open your browser, and select Tools > Internet Options > Content > Certificates.
The Certificates window appears.
2. Select the Personal tab to display a list of the client certificates created in “Requesting a client certificate”.
3. Select a client certificate from the list and click Export to export the certificate.
The Certificate Export Wizard welcome page appears.
4. Click Next to continue from the Certificate Export welcome page.
The Export Private Key window appears.
You must export the private key at the same time as the certificate. The private key is associated with a specific end-user, and contains information used by the certification authority to authenticate the end-user. Private keys must be password-protected, and must be securely transmitted to end-users.
5. Select Yes, export the private key and select Next.
The Export File Format window appears.
6. Select Personal Information Exchange - PKCS #12 (.PFX) as the file format.
7. Select Enable strong protection for the password and select Next.
The Password selection window appears.
8. Enter and confirm a password for the certificate and select Next.
The File name window appears.
9. Enter a unique file name for the certificate and browse to the location where you want to save the exported certificate and private key.
For clarity, use a consistent naming convention for client certificate names, email account names, PKI user names and recipient base policy names. This helps associate specific users with the various components of PKI authentication.
10. When the Completing Certificate Export Wizard page appears, click Finish to export the certificate and private key to the location specified in step 9.
The certificate and private key are exported to the specified location as a single file with a .pfx extension.
11. Transmit the certificate .pfx file to the end-user, along with instructions for installing the certificate in their web browser.
12. Proceed to “Importing a client certificate to an end-user browser” to import the certificate .pfx file on the end-user browser.
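The export in steps 1 to 10 can also be scripted and checked from Windows PowerShell. The following is an added example, not part of the FortiMail documentation; it uses the built-in Export-PfxCertificate and Get-PfxData cmdlets, and the subject name and output path are placeholder values.

```powershell
# Added example: scripted equivalent of the wizard export, with a check of the result.
# $Subject and $OutFile are placeholder values, not taken from the FortiMail guide.
$ErrorActionPreference = 'Stop'
$Subject = 'CN=user1'                               # hypothetical client certificate subject
$OutFile = Join-Path $env:USERPROFILE 'user1.pfx'   # hypothetical output file

# Steps 1-3: locate the client certificate in the current user's Personal store.
$found = @(Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like "*$Subject*" })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate matching '$Subject', found $($found.Count)."
}
$cert = $found[0]

# Steps 4-5: the .pfx is only usable for PKI authentication if it carries the private key.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key in this store."
}

# Steps 7-8: read the password without echoing it, and refuse an empty one.
$password = Read-Host -Prompt 'Password for the .pfx file' -AsSecureString
if ($password.Length -eq 0) {
    throw 'An empty password is not accepted for the exported private key.'
}

# Steps 6, 9 and 10: write a PKCS #12 (.pfx) file. -NoClobber refuses to overwrite
# an existing file, which enforces the unique file name from step 9.
# The cmdlet fails here if the key was not marked exportable when it was created.
Export-PfxCertificate -Cert $cert -FilePath $OutFile -Password $password -NoClobber |
    Out-Null

# Check: the file must open with the password and contain the certificate selected above.
$pfx = Get-PfxData -FilePath $OutFile -Password $password
$exported = $pfx.EndEntityCertificates |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $exported) {
    throw "Exported file does not contain certificate $($cert.Thumbprint)."
}
"Exported $($cert.Subject) [$($cert.Thumbprint)] to $OutFile"
```

The password is the only protection on the private key inside the file, so deliver it to the end-user over a different channel than the .pfx file itself.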