FortiGate Version 3.0 MR4 Administration Guide
312 01-30004-0203-20070102
Local Certificates VPN Certificates
Downloading and submitting a certificate request
You have to fill out a certificate request and generate the request before you can
submit the results to a CA. For more information, see “Generating a certificate
request” on page 310.
To download and submit a certificate request
1 Go to VPN > Certificates > Local Certificates.
2 In the Local Certificates list, select the Download icon in the row that corresponds
to the generated certificate request.
3 In the File Download dialog box, select Save to Disk.
4 Name the file and save it to the local file system.
5 Submit the request to your CA as follows:
• Using the web browser on the management computer, browse to the CA web
site.
• Follow the CA instructions to place a base-64 encoded PKCS#12 certificate
request and upload your certificate request.
• Follow the CA instructions to download their root certificate and Certificate
Revocation List (CRL), and then install the root certificate and CRL on each
remote client (refer to the browser documentation).
6 When you receive the signed certificate from the CA, install the certificate on the
FortiGate unit. See “Importing a signed server certificate” on page 313.
Key Type Only RSA is supported.
Key Size Select 1024 Bit, 1536 Bit or 2048 Bit. Larger keys are
slower to generate but they provide better security.
Enrollment Method
File Based Select File Based to generate the certificate request.
Online SCEP Select Online SCEP to obtain a signed SCEP-based
certificate automatically over the network.
CA Server URL: Enter the URL of the SCEP server from
which to retrieve the CA certificate.
Challenge Password: Enter the CA server challenge
password.
To Next Page
Loading...
