Chapter 3 Authentication for FortiOS 5.0 : Certificate-based authentication : Example — Generate a CSR on the FortiGate unit
  
Example — Generate a CSR on the FortiGate unit
This example follows all the steps required to create and install a local certificate on the FortiGate unit, without using CA software.
The FortiGate unit is called myFortiGate60, and is located at 10.11.101.101 (a private IP address) and http://myfortigate.example.com. Mr. John Smith (john.smith@myfortigate.example.com) is the IT administrator for this FortiGate unit, and the unit belongs to the Sales department located in Greenwich, London, England.
To generate a certificate request on the FortiGate unit - web-based manager
1. Go to System > Certificates > Local Certificates.
2. Select Generate.
3. In the Certificate Name field, enter myFortiGate60.
 
Do not include spaces in the certificate name. This will ensure compatibility of a signed certificate as a PKCS12 file to be exported later on if required.
Since the IP address is private, we will use the FQDN instead.
4. Select Domain Name, and enter http://myfortigate.example.com.
5. Enter values in the Optional Information area to further identify the FortiGate unit.
Organization Unit: Sales
Organization: Example.com
Locality (City): Greenwich
State/Province: London
Country: England
e-mail: john.smith@myfortigate.example.com
6. From the Key Size list, select 2048 Bit or the most secure option available to you.
7. In Enrollment Method, select File Based to generate the certificate request.
8. Select OK.
The request is generated and displayed in the Local Certificates list with a status of pending.
9. Select the Download button to download the request to the management computer.
10. In the File Download dialog box, select Save and save the Certificate Signing Request on the local file system of the management computer.
11. Name the file and save it on the local file system of the management computer.
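Before the saved request is sent to a CA, it can be inspected on the management computer. The following is an added example, not part of the original procedure or Fortinet's tooling: it assumes the downloaded file is PEM encoded and that openssl is installed. The function names and the sample CSR are constructed for illustration.

```shell
#!/bin/sh
# check_csr FILE EXPECTED_CN MIN_BITS
# Prints one finding per check; returns 0 only if every check passes.
check_csr() {
    csr=$1 want_cn=$2 min_bits=$3 rc=0

    # The request is signed with the private key that stays on the unit.
    # Match on the message: some openssl builds exit 0 even when this fails.
    if openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "signature: OK"
    else
        echo "signature: FAILED (file damaged or altered)"; rc=1
    fi

    # The text dump contains "Public-Key: (2048 bit)" for an RSA request.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "key size: $bits bit"
    else
        echo "key size: ${bits:-unknown} bit, below $min_bits"; rc=1
    fi

    # The common name must be exactly what was entered in the Domain Name field.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" = "$want_cn" ]; then
        echo "common name: $cn"
    else
        echo "common name: '$cn', expected '$want_cn'"; rc=1
    fi
    return $rc
}

# Constructed sample input: a throwaway CSR standing in for the downloaded file.
# make_sample_csr OUTFILE BITS
make_sample_csr() {
    openssl req -new -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
        -subj "/O=Example.com/OU=Sales/CN=myfortigate.example.com" 2>/dev/null
}
```

For the real file, call check_csr with the saved file name, the value entered in step 4, and 2048.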