Knowledge Base

Solution

Generating a CSR in the FortiGate Web Portal

1. In the administrative web portal select “System” and then “Certificates.” If “Certificates” is not displayed, you may have to enable the option within “Feature Visibility”.
2. Click “Generate” and the “Generate Certificate Signing Request” page will open.
3. Configure the CSR request by filling in the following fields:
   1. Certificate Name – The friendly name for the certificate used in the appliance.
   2. ID Type – The type of ID, “Domain Name” is selected most often.
   3. Domain Name – The common name used for the certificate.
   4. Organization – The name of organization ordering the certificate.
   5. Locality (City) – The name of the city the organization is located in.
   6. State / Province – The name of the state or province the organization is located in.
   7. Country / Region – The name of the country or region the organization is located in.
   8. E-Mail – The organization’s technical contact email address.
   9. Subject Alternative Name – The additional names or SANs that will be used for the certificate.
   10. Password for private key – The password used to access the encrypted private key associated with the CSR.
   11. Key Type – The type of key used for the certificate; “RSA” is selected most often.
   12. Key Size – The size of key used for the certificate; the minimum key size recommend is “2048 Bit.”
   13. Enrollment Method – The type of enrollment method used, “File Based” is recommended.
       
4. Click “OK.”
   
5. The Certificate Name you entered for the CSR will appear in the certificate list with a status of “PENDING.”
   
6. Select the newly created CSR in the certificate list with the “PENDING” status and click “Download” to save the CSR to your computer.
   
7. Use the newly downloaded “.csr” file to upload into CertCentral to request to issue your certificate. Alternatively, you can open the “.csr” file with a text editor to copy and paste the contents of the CSR into CertCentral.