Web Analytics

Generate a CSR and Install an SSL/TLS Certificate on Fortinet Fortigate SSL VPN


Time needed: 30 minutes

This how-to will walk you through generating a certificate signing request (CSR) and installing an SSL/TLS certificate in Fortinet Fortigate SSL VPN.

  1. Make sure that certificates are visible.

    By default, the Certificates option is hidden in the Fortigate GUI. To correct this, navigate to System u003e Feature Visibilty, make sure that Certificates is enabled, and click the Apply button.

  2. Open System u003e Certificates.

    Navigate to System u003e Certificates in the menu. If Certificates is not visible, see step 1, above.

  3. Click Generate.

    Click Generate to open the Generate Certificate Signing Request page.

  4. Configure CSR.

    • Enter a unique name for your certificate in the Certificate Name field.
    • Next to ID Type, select Domain Name and enter the domain name that the certificate is intended to protect.
    • You can enter further information to add to your CSR under Optional Information.
    • Set Key Type to RSA or Elliptic Curve depending on the type of key desired.
    • Set the Key Size. Note that 2048 bits or higher is preferable for RSA keys.
    • Set the Enrollment Method to File Based.
    • Click the OK button.

  5. Download CSR.

    The CSR will be added to the list of certificates with a status of PENDING. Select the CSR in the list and click Download to save the file.

  6. Order Certificate.

    The next step is to use the CSR to order an SSL/TLS certificate from SSL.com. For full information, please read our how-to on Ordering and Retrieving SSL Certificates.

  7. Download certificate.

    Open the certificate order in your SSL.com customer account and click the download link for Apache.
    Apache Download

  8. Unzip file.

    Unzip the downloaded zip file. You should have two .crt files: the end-entity SSL/TLS certificate and intermediate bundle (ca-bundle-client.crt).

  9. Login to Fortigate and open System u003e Certificates.

    Login to your Fortigate and navigate to System u003e Certificates in the menu.

  10. Import SSL/TLS certificate.

    Click Import u003e CA Certificate, browse to the SSL/TLS certificate, and click OK.

  11. Import intermediate certificates.

    Navigate to Import u003e CA Certificate, browse to the intermediate certificate bundle (ca-bundle-client.crt), and click OK.

  12. Configure Fortigate to use your new SSL/TLS certificate.

    Navigate to VPN u003e SSL u003e Settings, then select your SSL/TLS certificate from the Connection Settings section of the Server Certificate drop-down menu.

  13. Finished!

    You have configured your Fortinet Fortigate SSL VPN to use your new SSL/TLS certificate.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.