Redirecting you to
Tech Document Sep 26, 2018

How to Generate Certificate Signing Request on Fortigate SSL VPN

This article will go into detail on how to generate certificate signing request on Fortigate SSL VPN.

To generate a Certificate Signing Request (CSR) for FortiGate SSL VPN you will need to create a key pair for your server the public key and private key.

The CSR need to be provided to a Certificate Authority (CA) for signing and the private key will remain hidden on the FortiGate system where the CSR request is made.

To generate a CSR for FortiGate SSL VPN perform the following.

Step 1: Generating your CSR request:

  1. Open your FortiGate Management console.
  2. Click VPN.
  3. Click Certificates.
  4. Click Local Certificates.
  5. Click Generate.

Under Generate Certificate Signing Request specify the following information.

Certificate Name: Friendly name map the certificate Request/Private key.

Subject Information:

  • ID type: From the drop down menu select Domain Name.
  • Domain Name: The Fully Qualified Domain Name that the certificate will be issued to and secure. Example:
  • Country Name (2 letter code) [AU]: GB
  • State or Province Name (full name) [Some-State]: Yorks
  • Locality Name (eg, city) []: York
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
  • Organizational Unit Name (eg, section) []: IT
  • Common Name (eg, YOUR name) []:
  • Email Address []:

6. Key Type: RSA

7. Key Size: select 2048 bits.

8. Enrollment Method: Select File Based.

9. Select OK to create the CSR.

10. Select the new CSR in the Local Certificates page and select Download to save the CSR to your computer.

The CSR file can be opened in any text editor.