Fortinet Technologies Inc. Page 94 FortiVoice Enterprise Phone System 4.0.0 Administration Guide
Importing a certificate
You can upload Base64-encoded certificates in either privacy-enhanced email (PEM) or public
key cryptography standard #12 (PKCS #12) format from your management computer to the
FortiVoice unit.
DER encoding is not supported in FortiVoice version 2.0 GA.
Importing a certificate may be useful when:
• restoring a certificate backup
• installing a certificate that has been generated on another system
• installing a certificate, after the certificate request has been generated on the FortiVoice unit
and signed by a certificate authority (CA)
If you generated the certificate request using the FortiVoice unit, after you submit the certificate
request to CA, the CA will verify the information and register the contact information in a digital
certificate that contains a serial number, an expiration date, and the public key of the CA. The
CA will then sign the certificate and return it to you for installation on the FortiVoice unit. To
install the certificate, you must import it. For other related steps, see “Obtaining and installing a
local certificate” on page 90.
If the FortiVoice unit’s local certificate is signed by an intermediate CA rather than a root CA,
before clients will trust the FortiVoice unit’s local certificate, you must demonstrate a link with
trusted root CAs, thereby proving that the FortiVoice unit’s certificate is genuine. You can
demonstrate this chain of trust either by:
• installing each intermediate CA’s certificate in the client’s list of trusted CAs
• including a signing chain in the FortiVoice unit’s local certificate
To include a signing chain, before importing the local certificate to the FortiVoice unit, first open
the FortiVoice unit’s local certificate file in a plain text editor, append the certificate of each
intermediate CA in order from the intermediate CA who signed the FortiVoice unit’s certificate to
the intermediate CA whose certificate was signed directly by a trusted root CA, then save the
certificate. For example, a local certificate which includes a signing chain might use the
following structure:
-----BEGIN CERTIFICATE-----
<FortiVoice unit’s local server certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<certificate of intermediate CA 1, who signed the FortiVoice
certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<certificate of intermediate CA 2, who signed the certificate of
intermediate CA 1 and whose certificate was signed by a trusted
root CA>
-----END CERTIFICATE-----
To import a local certificate
1. Go to System > Certificate > Local Certificate.
2. Click Import.
To Next Page
Loading...
