Obtaining and installing a signed server certificate from an external CA
To obtain a signed server certificate for a FortiGate unit, you must send a request to a CA that provides digital certificates that adhere to the X.509 standard. The FortiGate unit provides a way for you to generate the request.
To submit the certificate signing request (file-based enrollment):
1. Using the web browser on the management computer, browse to the CA web site.
2. Follow the CA instructions for a base-64 encoded PKCS#10 certificate request and upload your certificate request.
3. Follow the CA instructions to download their root certificate and CRL.
When you receive the signed server certificate from the CA, install the certificate on the FortiGate unit.
To install or import the signed server certificate – web-based manager
1. On the FortiGate unit, go to System > Certificates > Import > Local Certificates.
2. From Type, select Local Certificate.
3. Select Browse, browse to the location on the management computer where the certificate was saved, select the certificate, and then select Open.
4. Select OK, and then select Return.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!