DescriptionThe FortiOS firmware, used on FortiGate units, does not support 40-bit RC2-CBC encryption for Certificates.
If Certificates have been created using this encryption, then any such certificate must be rebuild using the openssl command, to allow its use on the FortiGate unit, running the FortiOS firmware.
Solution1. Split your public and private key in two parts:
# openssl pkcs12 -in x.pfx -info
where x.pfx is the certificate.
2. Then, reformat the certificate in 3DES using this command:
# openssl pkcs12 -export -out x.p12 -in x.crt -inkey x.key -descert
The parameter "-descert" allows to encrypt the cert with "3DES" encryption type.
By default, the software encrypts using the "rc2-40", so it is very important to use parameter "-descert".