SSL / X509 Certificate for FORTIGATE Firewalls
Generate a CSR (Certificate signing request)
To generate a CSR, you have two options:
- Fortigate interface : go to System > Certificates and click on Generate. Fill in the requested fields.
- In "ID Type" select "Domain Name"
- In "Key Size", select 2048 Bit
- In "Enrollment Method", select "File Based"
- Keybot: from the order form, choose the "Automatic" method to generate the CSR, and click on "Generate". On the pop-up that appears, fill in the requested fields and validate. Keybot will offer you to download your private key in .pkey format and send the CSR to our services.
Install / import your certificate
- Access the status page of your certificate at TBS CERTIFICATS (see delivery email), click on the "view certificate" button, then click on the link "View certificate in X509 format with string" and download this file and / or copy all.
- Go to "System > Certificate > Local Certificate", click "import", and select "Local Certificate"

Edit your certificate Authorities
If you imported your certificate without its chain or simply want to edit your certificate authority list, you can add/remove them in the System > Certificate > CA Certificatemenu. You can also consult our root and intermediate certificate lists here.
Certificate activation
Once the certificate is installed, you must configure the appropriate service to use this certificate (SSL VPN, admin access to the interface or other ...).
For SSL VPN access for example, go to VPN > SSL-VPN Settings. Configure the "Set Server Certificate" option on the certificate that has just been installed and click on Apply