Importing Signed Certificates - Fortinet FortiGate FortiGate-1000A Administration Manual

VPN

Importing signed certificates

FortiGate-1000A/FA2 Administration Guide
Figure 144:Generating a certificate signing request
Certification Name
Subject Information
Organization Unit
Organization
Locality (City)
State/Province
Country
e-mail
Key Type
Key Size
Your CA will provide you with a signed certificate to install on the FortiGate unit. When
you receive the signed certificate from the CA, save the certificate on a PC that has
management access to the FortiGate unit.
01-28011-0254-20051115
Type a certificate name. Typically, this would be the name of the
FortiGate unit.
Enter the information needed to identify the FortiGate unit. Preferably
use an IP address or domain name. If this is impossible (such as with
a dialup client), use an email address.
• For Host IP, enter the public IP address of the FortiGate unit being
certified.
• For Domain name, enter the fully qualified domain name of the
FortiGate unit being certified. Do not include the protocol
specification (http://) or any port number or path names.
• For E-mail, enter the email address of the owner of the FortiGate
unit being certified. Typically, email addresses are entered only
for clients, not gateways.
Name of your department.
Legal name of your company or organization.
Name of the city or town where the FortiGate unit is installed.
Name of the state or province where the FortiGate unit is installed.
Select the country where the FortiGate unit is installed.
Contact email address. The CA may choose to deliver the digital
certificate to this address.
Only RSA is supported.
Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to
generate but more secure. Not all IPSec VPN products support all
three key sizes.
Certificates
281