Updating or Rekeying Fortigate certificates

You can renew a certificate on a FortiGate without creating a new CSR. If the customer has already renewed or rekeyed the certificate, follow this guide.

1. Open the NEW .pem or .pfx certificate in a text editor (e.g. Notepad++) and copy all of the text.

You should see -----BEGIN CERTIFICATE----- at the top of the file. If you do not see it, the certificate is in DER format and must be converted to PEM format first.

Copy all of the text, then log into the FortiGate via the CLI (e.g. PuTTY). Now modify the certificate.


For SSLVPN cert

2. In the CLI, use the following commands:

# config vpn certificate local

# edit [certificate name] <--- press Tab to complete the correct certificate name

# set certificate "[PASTE THE TEXT YOU COPIED HERE]" <--- the double quotes (") are important; see the example below

# end

Go to where the certificate is in use (e.g. SSL-VPN settings), change it to the factory certificate, save, then change it back to your certificate so that the service picks up the renewed certificate.

Check under Certificates that the certificate now shows the new expiry date :-)


Example:

config vpn certificate local
(local) # edit server
(server) # set certificate "paste
> -----BEGIN CERTIFICATE-----
> mPjDQDYkYHKcTrGa6aH7e1w1uM7kdaBAjyAgM7xcmuTrsCeLYfd+BwIDAQABo4I
> TDCCA0gwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGCNxUIorRWhO7dYIKtkziB9KY0
> -----END CERTIFICATE-----"
////some text omitted for brevity////
(server) #
(server) # end
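As an added example (not part of the original guide or Fortinet's own tooling), this standard-library Python script performs the step 1 check (is the file PEM, or DER that needs converting?), reads the notAfter date so you can confirm you are holding the renewed certificate before pasting it, and builds the quoted CLI block from step 2. The embedded SAMPLE_DER is a constructed, unsigned X.509 skeleton used only so the script runs offline; the CLI layout follows the guide above.

```python
import re
import ssl
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def to_pem(raw: bytes) -> str:
    """Step 1 check: return the first cert as PEM text; a DER file is converted."""
    match = PEM_RE.search(raw.decode("ascii", errors="ignore"))
    if match:
        return match.group(0).replace("\r", "").strip()
    return ssl.DER_cert_to_PEM_cert(raw).strip()  # no BEGIN line present: DER

def _tlv(buf: bytes, pos: int):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(pem: str) -> datetime:
    """Walk tbsCertificate to validity.notAfter (UTCTime 0x17 or GeneralizedTime 0x18)."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    _, p, _ = _tlv(der, 0)          # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, p)      # optional [0] version, else serialNumber
    if tag == 0xA0:
        _, _, end = _tlv(der, end)  # serialNumber
    for _ in range(2):              # skip signature AlgorithmIdentifier and issuer Name
        _, _, end = _tlv(der, end)
    _, p, _ = _tlv(der, end)        # validity SEQUENCE
    _, _, p = _tlv(der, p)          # skip notBefore
    tag, start, end = _tlv(der, p)  # notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(der[start:end].decode(), fmt).replace(tzinfo=timezone.utc)

def fortigate_cli(name: str, pem: str) -> str:
    """Step 2: the CLI block, with the PEM inside double quotes as the guide requires."""
    return f'config vpn certificate local\nedit "{name}"\nset certificate "{pem}"\nend\n'

def _der(tag: int, payload: bytes) -> bytes:
    return bytes([tag, len(payload)]) + payload  # short-form length only; sample is tiny

# Constructed sample: an unsigned X.509 skeleton (NOT a real or trusted certificate)
# valid 2024-01-01 .. 2027-01-01, used only to exercise the functions above offline.
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")      # v3, serial 1
       + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")) + _der(0x30, b"")  # sigAlg, issuer
       + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"270101000000Z"))  # validity
       + _der(0x30, b"") + _der(0x30, b""))                                   # subject, SPKI
SAMPLE_DER = _der(0x30, _TBS + _der(0x30, b"") + _der(0x03, b"\x00"))        # + sigAlg, sig
```

Run it against the real file with `to_pem(open(path, "rb").read())`, then `print(not_after(pem))` before pasting `fortigate_cli("server", pem)` into the console.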


If SAML authentication or Captive Portal is configured

3. Check Settings > User & Authentication Settings and update the certificate to the correct one if required.


For the admin HTTPS cert

# config system global

# set admin-server-cert [name] <--- press Tab to complete the correct certificate name

Then follow the same steps as above.
