For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 6.4 > Device-Local Certificate Expired

Device-Local Certificate Expired

Created by dave. Last edited by dave, 15 days ago. Viewed 44 times. #2
[diff] [history] [edit] [rdf]
labels
attachments
(2024-02-08)

Problem

The local, internally generated certificate that the Fortigate presents for various things has expired.

Solution

# execute vpn certificate local generate  default-ssl-key-certs
Are you sure to re-generate the default RSA, DSA, ECDSA and EdDSA key certs for ssl resign?
Do you want to continue? (y/n)y

Other options along the same lines

OptionDoes
cmpGenerate a certificate request over CMPv2.
default-ssl-caGenerate the default CA certificate used by SSL Inspection.
default-ssl-ca-untrustedGenerate the default untrusted CA certificate used by SSL Inspection.
default-ssl-key-certsGenerate the default RSA, DSA and ECDSA key certs for ssl resign.
default-ssl-serv-keyGenerate the default server key used by SSL Inspection.
ecGenerate an elliptic curve certificate request.
rsaGenerate a RSA certificate request.

(>>Source)

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt