Fortinet FortiGate FortiGate-50R Installation And Configuration Manual page 164

Managing digital certificates
164
Generating the certificate request
With this procedure, you generate a private and public key pair. The public key is the
base component of the certificate request.
To generate the certificate request:
1 Go to VPN > Local Certificates.
2 Select Generate.
3 Enter a Certificate Name.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
4 Configure the Subject Information that
Preferably use an IP address or domain name. If this is impossible (such as with a
dialup client), use an e-mail address.
Host IP
Domain Name
E-Mail
5 Configure the Optional Information to
Organization Unit
Organization
Locality
State/Province
Country
e-mail
6 Configure the key
Key Type
Key Size
7 Select OK to generate the private and public key pair and the certificate request.
The private/public key pair will be generated and the certificate request will be
displayed on the Local Certificates list with a status of Pending.
identifies the object being certified.
For Host IP, enter the IP address of the FortiGate unit being certified.
For Domain name, enter the fully qualified domain name of the FortiGate
unit being certified. Do not include the protocol specification (http://) or
any port number or path names.
For E-mail, enter the email address of the owner of the FortiGate unit
being certified. Typically, e-mail addresses are entered only for clients, not
gateways.
further identify the object being certified.
Enter a name that identifies the department or unit within the organization
that is requesting the certificate for the FortiGate unit (such as
Manufacturing or MF).
Enter the legal name of the organization that is requesting the certificate
for the FortiGate unit (such as Fortinet).
Enter the name of the city or town where the FortiGate unit is located
(such as Vancouver).
Enter the name of the state or province where the FortiGate unit is located
(such as California or CA).
Select the country where the FortiGate unit is located.
Enter a contact e-mail address for the FortiGate unit. Typically, e-mail
addresses are entered only for clients, not gateways.
.
Select RSA as the key encryption type. No other key type is supported.
Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are slower to generate
but more secure. Not all products support all three key sizes.
IPSec VPN
Fortinet Inc.