When you are trying to import a Server Certificate generated from a Microsoft IIS server the FortiGate displays the following error message ”Failed to import File”.
To import Certificate in to Forti OS you should have Certificate file and Key file. The first one must contain the private key, the second the certificate required for authentication.
First Export IIS server certificate with Public Key.
To do this open the Certificate go to Details tab, click Copy to File…
During the export wizard choose “Yes, export the private key” option. And save the file with a password.
Now we have to extract certificate file and key file from the above PFX certificate file.
To do this download Open SSL tool (1MB) and Visual C++ 2008 Redistributable Package (1.7 MB).
Now install Visual C++ 2008 Redistributable package and Open SSL tool.
Then open Command prompt and go to OpenSSL installation path. (In my case its C:\OpenSSL-Win32\bin)
Copy above PFX certificate in to C:\OpenSSL-Win32\bin path.
Now run below command: (You have to provide the password given by certificate export wizard)
openssl pkcs12 -in CertName.pfx -nocerts -out Key.pem
Now run below command: (You have to provide the password given by certificate export wizard)
openssl pkcs12 -in CertName.pfx -clcerts -out cert.pem
Finally run below command. (Key.pem is the file which we extracted from first command)
openssl rsa -in key.pem -out server.key
Â
Now you can Import the Certificate file and the Key file into FortiGate.
Go to System -> Certificates -> Local Certificates -> Import Certificate -> Type “Certificate“
Select Certificate File (cert.pem) and Key File (Key.pem) and provide the private key encryption Password.
Click OK.
Leave a Reply