Uploading a certificate using the GUI

On the System > Certificates page, there are two options to add a certificate: Generate (use a certificate signing request) and Import.

Generate certificate signing request

Certificate signing requests (CSRs) are used to generate a certificate which is then signed by a CA to create a chain of trust. The CSR includes details of the FortiGate (see table below) and its public key. A CSR is not strictly necessary; some CAs allow you to provide the details of the FortiGate manually, but a CSR helps streamline the process. Selecting Generate takes you the Generate Certificate Signing Request page to enter the following information:

Certificate Name

Enter the certificate name; this is how it will appear in the Local Certificates list.

Subject Information

Specify an ID type: IP, domain name (FQDN), or email address.

Optional Information

Although listed as optional, we recommended entering the information for each field in this section.

If you are generating a CSR for a third-party CA, you need to insure that these values reflect those listed for your company or organization at said certificate authority. If you are generating a certificate for a Microsoft CA, you need to check with the administrator regarding these values.

Organization Unit

Enter the name of the organizational unit under which the certificate will be issued.