Table of Contents
Advertisement
IPSec VPN
Obtaining a CA certificate
FortiGate-50R Installation and Configuration Guide
3
Enter the path or browse to locate the signed local certificate on the management
computer.
4
Select OK.
The signed local certificate will be displayed on the Local Certificates list with a status
of OK.
For the VPN peers to authenticate themselves to each other, they must both obtain a
CA certificate from the same certificate authority. The CA certificate provides the VPN
peers with a means to validate the digital certificates that they receive from other
devices.
The FortiGate unit obtains the CA certificate in order to validate the digital certificate
that it receives from the remote VPN peer. The remote VPN peer obtains the CA
certificate in order to validate the digital certificate that it receives from the FortiGate
unit.
Note: The CA certificate must adhere to the X.509 standard.
Retrieving a CA certificate
Connect to the CA web server and download the CA certificate to the management
computer.
To retrieve the CA certificate:
1
Connect the CA web server.
2
Follow the CA web server instructions to download the CA certificate.
The File Download dialog will display.
3
Select Save.
4
Save the CA certificate in a directory on the management computer.
Importing a CA certificate
Import the signed local certificate from the management computer to the FortiGate
unit.
To import the CA certificate:
1
Go to VPN > CA Certificates.
2
Select Import.
3
Enter the path or browse to locate the CA certificate on the management computer.
4
Select OK.
The CA will be displayed on the CA Certificates list.
Managing digital certificates
167
Advertisement
Table of Contents
