FortiGate
kcapecchi
Staff
Article Id 193188
Description
The FortiOS firmware, used on FortiGate units, does not support 40-bit RC2-CBC encryption for Certificates.

If certificates have been created using this encryption, each such certificate must be rebuilt with the openssl command before it can be used on a FortiGate unit running the FortiOS firmware.

Solution
1. Split the certificate (public key) and the private key into two parts:
 
# openssl pkcs12 -in x.pfx -info

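where x.pfx is the certificate file. The command prints the certificate and the private key in PEM format; save them as x.crt and x.key for the next step.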

2. Then re-export the certificate with 3DES encryption using this command:
 
# openssl pkcs12 -export -out x.p12 -in x.crt -inkey x.key -descert

The "-descert" parameter encrypts the certificate with the "3DES" encryption type.

By default, the openssl software encrypts the certificate using "rc2-40", so it is very important to use the "-descert" parameter.
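
The two steps above as one script, with a check for 40-bit RC2 before and after the rebuild. This is an added example, not Fortinet's code; the function names, the PFX_PASS environment variable (used as the password for both the input and the output file), the -legacy retry for OpenSSL 3.x and the sample -info text are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the
# PFX_PASS variable (password for both input and output file) are assumptions.

# Constructed sample of `openssl pkcs12 -info -noout` output for an RC2-40 file.
SAMPLE_INFO='MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

# Succeeds if the -info text on stdin names 40-bit RC2-CBC for any bag.
uses_rc2_40() { grep -q 'pbeWithSHA1And40BitRC2-CBC'; }

# Runs `openssl pkcs12`; OpenSSL 3.x reads RC2 only with -legacy, so retry with it.
p12() { openssl pkcs12 "$@" || openssl pkcs12 -legacy "$@"; }

# Prints the bag summary (written to stderr by openssl) of a PKCS#12 file.
pfx_info() { p12 -in "$1" -info -noout -passin env:PFX_PASS 2>&1; }

# Steps 1 and 2 of the article: extract x.crt and x.key, re-export with -descert.
rebuild_pfx_3des() {
    local in=$1 out=$2 tmp
    tmp=$(mktemp -d) || return 1
    (
        umask 077                      # the extracted key is unencrypted
        trap 'rm -rf "$tmp"' EXIT      # remove it whatever happens
        p12 -in "$in" -nokeys -out "$tmp/x.crt" -passin env:PFX_PASS &&
        p12 -in "$in" -nocerts -nodes -out "$tmp/x.key" -passin env:PFX_PASS &&
        openssl pkcs12 -export -out "$out" -in "$tmp/x.crt" \
            -inkey "$tmp/x.key" -descert -passout env:PFX_PASS
    )
}

# Usage: PFX_PASS=... ./rebuild.sh x.pfx x.p12
if [ "$#" -eq 2 ]; then
    : "${PFX_PASS:?export PFX_PASS with the PKCS#12 password}"
    if pfx_info "$1" | uses_rc2_40; then
        rebuild_pfx_3des "$1" "$2" || exit 1
        if pfx_info "$2" | uses_rc2_40; then
            echo "rebuild failed: $2 still uses 40-bit RC2" >&2; exit 1
        fi
        echo "wrote $2 with 3DES certificate encryption"
    else
        echo "$1 does not use 40-bit RC2-CBC; nothing to rebuild"
    fi
fi
```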


