Fortinet black logo

Cookbook

Getting the certificate signed by a CA

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:530183
Download PDF

Getting the certificate signed by a CA

Trusted private CA:

If you want to use a trusted private CA to sign the certificate, use the CSR to apply for an SSL certificate with your trusted private CA.

FortiAuthenticator:

  1. If you want to use a FortiAuthenticator as a CA to sign the certificate, on the FortiAuthenticator, go to Certificate Management > Certificate Authorities > Local CAs and select Import.
  2. Set Type to CSR to sign, enter a Certificate ID, and import the example-cert.csr file. Make sure to select the Certificate authority from the drop-down menu and set the Hash algorithm to SHA-256.

  3. Once imported, you should see that example_cert has been signed by the FortiAuthenticator, showing a Status of Active, and with the CA Type of Intermediate (non-signing) CA. Highlight the certificate and select Export.

    This will save the example_cert.crt file to your local drive.

Getting the certificate signed by a CA

Trusted private CA:

If you want to use a trusted private CA to sign the certificate, use the CSR to apply for an SSL certificate with your trusted private CA.

FortiAuthenticator:

  1. If you want to use a FortiAuthenticator as a CA to sign the certificate, on the FortiAuthenticator, go to Certificate Management > Certificate Authorities > Local CAs and select Import.
  2. Set Type to CSR to sign, enter a Certificate ID, and import the example-cert.csr file. Make sure to select the Certificate authority from the drop-down menu and set the Hash algorithm to SHA-256.

  3. Once imported, you should see that example_cert has been signed by the FortiAuthenticator, showing a Status of Active, and with the CA Type of Intermediate (non-signing) CA. Highlight the certificate and select Export.

    This will save the example_cert.crt file to your local drive.