Device-Local Certificate Expired
(2024-02-08)
Problem
The local, internally generated certificate that the Fortigate presents for various things has expired.
Solution
# execute vpn certificate local generate default-ssl-key-certs
Are you sure to re-generate the default RSA, DSA, ECDSA and EdDSA key certs for ssl resign?
Do you want to continue? (y/n)y
Other options along the same lines
| Option | Does |
|---|---|
| cmp | Generate a certificate request over CMPv2. |
| default-ssl-ca | Generate the default CA certificate used by SSL Inspection. |
| default-ssl-ca-untrusted | Generate the default untrusted CA certificate used |
| by SSL Inspection. | |
| default-ssl-key-certs | Generate the default RSA, DSA and ECDSA key certs for |
| ssl resign. | |
| default-ssl-serv-key | Generate the default server key used by SSL Inspection. |
| ec | Generate an elliptic curve certificate request. |
| rsa | Generate a RSA certificate request. |
(Source)