FortiGate
Jonathan_Body_FTNT
Article Id 195408

Description

This article describes how to export a local certificate with a private key from the FortiGate.

 

Scope

This KB no longer applies to modern firmware versions: the process below has not been available since version 6.0, because private key passwords are not recoverable.


Solution

This solution is based on FortiOS v4.0 MR2 and is valid for any local certificate installed on the FortiGate.

1. Download the local certificate from the GUI: System > Certificates > Local Certificates.

2. To retrieve the private key, connect to the CLI and protect the key with a password so that it can be exported:
config vpn certificate local
edit <cert_name>
unset password
set password mysecret <--- enter the password to protect the private key

3. Copy the string shown in the CLI output for the "set private-key" command, that is, the text between the two double quotes ("") of the "set private-key" line.

4. Create a file containing the copied string. The private key file should look like the following:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9B602B441B083745

qCy4PjkA5pU5lBW9kYQj0LVgtq6ROy32x11XQpXTQY0IhjMw0Tgh5nFu+CLW6z3S
<...truncated for readability...>
u/iQtFf/o5oKZO9RaDp4Ubgrjn1zfCLNtHJZ1aLhxx6QaGAgxVdMew==
-----END RSA PRIVATE KEY-----


5. Use the private key and the corresponding certificate on any Fortinet device that requires the certificate.
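As an added check (example code, not from the Fortinet article), the following Python inspects the key file produced in step 4 before it is loaded anywhere: it confirms the PEM structure, parses the DES-EDE3-CBC/IV header, verifies that the base64 body is a whole number of cipher blocks (a truncated paste fails this) and flags the legacy cipher. The sample PEM body is constructed and is not a real key.

```python
import base64
# Block sizes for the ciphers OpenSSL's legacy PEM encryption names in DEK-Info.
BLOCK_SIZE = {"DES-CBC": 8, "DES-EDE3-CBC": 8, "AES-128-CBC": 16,
              "AES-192-CBC": 16, "AES-256-CBC": 16}
LEGACY_CIPHERS = {"DES-CBC", "DES-EDE3-CBC"}

def inspect_rsa_key_pem(pem: str) -> dict:
    """Sanity-check a pasted 'RSA PRIVATE KEY' PEM block without decrypting it."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (lines[0] != "-----BEGIN RSA PRIVATE KEY-----"
            or lines[-1] != "-----END RSA PRIVATE KEY-----"):
        raise ValueError("not a PKCS#1 'RSA PRIVATE KEY' PEM block")
    headers, body, in_body = {}, [], False
    for ln in lines[1:-1]:
        if not in_body and ":" in ln:        # RFC 1421 header; base64 has no ':'
            name, value = ln.split(":", 1)
            headers[name.strip()] = value.strip()
        else:                                # blank separator, then base64 body
            in_body = True
            if ln:
                body.append(ln)
    # validate=True makes a mangled paste fail here with binascii.Error
    ciphertext = base64.b64decode("".join(body), validate=True)
    result = {"encrypted": False, "cipher": None, "iv": None,
              "ciphertext_len": len(ciphertext), "findings": []}
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        result["findings"].append("key is stored unencrypted; protect it at rest")
        return result
    cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
    result.update(encrypted=True, cipher=cipher, iv=bytes.fromhex(iv_hex))
    block = BLOCK_SIZE.get(cipher)
    if block is None:
        result["findings"].append(f"unrecognised DEK-Info cipher {cipher!r}")
        return result
    if len(result["iv"]) != block:
        result["findings"].append(f"IV must be {block} bytes for {cipher}")
    if len(ciphertext) % block:
        result["findings"].append("ciphertext is not a whole number of blocks; "
                                  "the paste is truncated")
    if cipher in LEGACY_CIPHERS:
        result["findings"].append(
            f"{cipher} derives its key with one MD5 pass of the password "
            "(OpenSSL EVP_BytesToKey); re-wrap as PKCS#8 with AES-256 before storing")
    return result

# Constructed sample: the article's headers, body = base64 of 48 zero bytes (not a real key).
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,9B602B441B083745\n\n" + "A" * 64 +
              "\n-----END RSA PRIVATE KEY-----\n")
```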