IPSec VPN Obtaining a CA certificate
FortiGate-100 Installation and Configuration Guide 195
3 Enter the path or browse to locate the signed local certificate on the management
computer.
4 Select OK.
The signed local certificate will be displayed on the Local Certificates list with a status
of OK.
Obtaining a CA certificate
For the VPN peers to authenticate themselves to each other, they must both obtain a
CA certificate from the same certificate authority. The CA certificate provides the VPN
peers with a means to validate the digital certificates that they receive from other
devices.
The FortiGate unit obtains the CA certificate in order to validate the digital certificate
that it receives from the remote VPN peer. The remote VPN peer obtains the CA
certificate in order to validate the digital certificate that it receives from the FortiGate
unit.
Retrieving a CA certificate
Connect to the CA web server and download the CA certificate to the management
computer.
To retrieve the CA certificate:
1 Connect to the CA web server.
2 Follow the CA web server instructions to download the CA certificate.
The File Download dialog will display.
3 Select Save.
4 Save the CA certificate in a directory on the management computer.
Importing a CA certificate
Import the CA certificate from the management computer to the FortiGate
unit.
To import the CA certificate:
1 Go to VPN > CA Certificates.
2 Select Import.
3 Enter the path or browse to locate the CA certificate on the management computer.
4 Select OK.
The CA will be displayed on the CA Certificates list.
Note: The CA certificate must adhere to the X.509 standard.
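The downloaded file can be checked on the management computer before it is imported. The following is an added example, not part of the original guide; it assumes the OpenSSL command-line tool is installed, and every file name and subject name in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks to run on the management computer before importing.
# All file names and subject names below are constructed for this demo.

# Succeeds if the file parses as an X.509 certificate (tries PEM, then DER).
is_x509() {
    openssl x509 -in "$1" -noout 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout 2>/dev/null
}

# SHA-256 fingerprint, to compare with the value the CA publishes out of band.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the signed local certificate $2 validates against CA certificate $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a demo CA, an unrelated second CA, and a local certificate signed by the first.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=fortigate.example" \
        -keyout "$d/local.key" -out "$d/local.csr" 2>/dev/null
    openssl x509 -req -in "$d/local.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/local.pem" 2>/dev/null
}

# Demo run: the right CA validates the local certificate, the wrong one does not.
tmp=$(mktemp -d) && make_demo_pki "$tmp"
is_x509 "$tmp/ca.pem" && echo "CA file is X.509, SHA-256 $(fingerprint "$tmp/ca.pem")"
chains_to "$tmp/ca.pem" "$tmp/local.pem" && echo "local certificate validates against this CA"
chains_to "$tmp/other.pem" "$tmp/local.pem" || echo "local certificate does not validate against the other CA"
rm -rf "$tmp"
```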