Table of Contents
Advertisement
Local Certificates
Downloading and submitting a certificate request
312
Key Type
Key Size
Enrollment Method
File Based
Online SCEP
You have to fill out a certificate request and generate the request before you can
submit the results to a CA. For more information, see
request" on page
310.
To download and submit a certificate request
1
Go to VPN > Certificates > Local Certificates.
2
In the Local Certificates list, select the Download icon in the row that corresponds
to the generated certificate request.
3
In the File Download dialog box, select Save to Disk.
4
Name the file and save it to the local file system.
5
Submit the request to your CA as follows:
•
Using the web browser on the management computer, browse to the CA web
site.
•
Follow the CA instructions to place a base-64 encoded PKCS#12 certificate
request and upload your certificate request.
•
Follow the CA instructions to download their root certificate and Certificate
Revocation List (CRL), and then install the root certificate and CRL on each
remote client (refer to the browser documentation).
6
When you receive the signed certificate from the CA, install the certificate on the
FortiGate unit. See
"Importing a signed server certificate" on page
Only RSA is supported.
Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are
slower to generate but they provide better security.
Select File Based to generate the certificate request.
Select Online SCEP to obtain a signed SCEP-based
certificate automatically over the network.
CA Server URL: Enter the URL of the SCEP server from
which to retrieve the CA certificate.
Challenge Password: Enter the CA server challenge
password.
"Generating a certificate
FortiGate Version 3.0 MR4 Administration Guide
VPN Certificates
313.
01-30004-0203-20070102
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
