Simple SSL/TLS Installation Instructions for FortiGate

FortiGate firewalls are the next generation of firewalls by Fortinet, one of the leading names in the cybersecurity industry. Thanks to the growing trend of working remotely as well as rising cyber-threats, many are looking to secure their communication through SSL VPN. And do you know what you need for an SSL VPN? Yes, you guessed it right – an SSL certificate.

fortigate ssl vpn security

So, without wasting much time let’s get straight to the SSL Installation procedure in FortiGate. Fundamentally, any SSL installation process can be divided into five steps, and FortiGate is no different. Here are the five steps:

  • Step 1: Purchasing an SSL certificate package from a Certificate Authority (CA)
  • Step 2: Generating a Certificate Signing Request (CSR)
  • Step 3: Setting up the SSL certificate
  • Step 4: Importing the certificate
  • Step 5: Configuring the device

We assume that you’re done with the first step (if you aren’t, check out our awesome product selection). So, let’s start with the second step, that is generating a CSR for FortiGate.

Buy Cheap Wildcard SSL Certificates

Generate your CSR

Now there are two options for you here – boring OpenSSL commands and our blazing fast, super-easy CSR Generation tool. The second option sounds better. (No, YOU’RE biased!) So, go straight to our CSR Generator and generate one for your FortiGate Firewall. Verify every detail you before you press the ‘GENERATE CSR’ tool. If anything goes wrong, you’ll have to do it all over again.

Save your certificate files in your preferred location

Based on your certificate issuing authority, you’ll most likely have received the certificate files through e-mail. So, save those files on your system if you haven’t. You should also extract these files if they are in a compressed format.

Import your local SSL Certificate

There’d be two certificate files – a bundle (intermediate) certificate and a local certificate.

  • First, log in to your FortiGate system
  • Go to System > Certificates
  • Now go to Import > Local Certificate and browse the path at which you had saved your certificate files
  • Click on OK

Now the status of the certificate will have changed from PENDING to OK.

Import your CA/Intermediate/Bundle certificate

Repeat the above process by going to Import > CA Certificate and import your CA/Intermediate/Bundle certificate.

Configure FortiGate

  • First, log in to your FortiGate unit and go to VPN > SSL > Settings
  • Look for the Connection Settings section and find the Server Certificate field
  • In the drop-down select the certificate you want to install
  • Click on Apply

Save 88% on SSL Certificates

Secure a website with trusted and world-class SSL security certificates. Get an SSL certificate from the best SSL brands like Comodo, GeoTrust, Thawte, Sectigo, Symantec, RapidSSL, and DigiCert.

Buy Comodo SSL Certificates at $5.45/Yr – Save 89%

Important Resources

Related Posts


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.