Extracting Private Key from FortiGate Firewall

Why would you need to export the private key when you create a CSR on the FortiGate.  If for instance, you are creating a .CSR to create a wildcard certificate and require the private key to be able to import the wildcard certificate into another server, you would need this.  Additionally, moving certificates from one firewall to another.

Here we are going to first create a CSR on the Fortigate.  You will need to have Certificates turned on under the Feature Visibility section.

Once you have enabled Certificate in the Feature Visibility, you will be able to click on the Create/Import tab at the top.  Then choose Generate CSR

Fill in the pertinent information for your CSR and add a password.

Once you are done, you should see your certificate listed with a status of pending.

Now, we are going to launch the CLI Console (or you can SSH separately to the FortiGate)

You are going to change your context to the vpn certificate local as above.  The next step will show you the private key.

Run the show full and it will display the private key