I have finally figured out how to export Private Key from FortiGate firewall and successfully install GoDaddy Wildcard SSL certificate in UniFi Cloud Key Gen 2 Plus Network Controller

Turritopsis Dohrnii Teo En Ming tdtemccnp at gmail.com
Wed Oct 26 13:50:32 UTC 2022


Good day from Singapore,

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 26 Oct 2022 Wednesday

I have finally figured out how to export Private Key from FortiGate
firewall and successfully install GoDaddy Wildcard SSL certificate in UniFi
Cloud Key Gen 2 Plus Network Controller because I have finally found the
correct reference guides! Please refer to the following list.

Reference Guides
=================

YouTube video: Ubiquiti Networks UniFi OS SSL Certificate Installation
Link: https://www.youtube.com/watch?v=WxhY71ebc9o

Guide: Extracting Private Key from FortiGate Firewall
Link:
https://infosecmonkey.com/extracting-private-key-from-fortigate-firewall/

Guide: Extracting private key from FortiGate SSL Certificates
Link:
https://www.linkedin.com/pulse/extracting-private-key-from-fortigate-ssl-kuganesan-srijeyanthan

Guide: How to decrypt an RSA private key and then use it in kyrtool to
merge the SSL certificates.
Link:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098900

Guide: How to Fix an Encrypted SSL Private Key
Link: https://serverpilot.io/docs/how-to-fix-an-encrypted-ssl-private-key/

DETAILED INSTRUCTIONS FROM TEO EN MING
=======================================

Log in to the FortiGate 201F firewall and run the following commands using
CLI.

config vpn certificate local

edit <certificate-name>

show full

You will see something like:

-----BEGIN ENCRYPTED PRIVATE KEY-----
<---snipped--->
-----END ENCRYPTED PRIVATE KEY-----

Save the above encrypted private key as encrypted.txt in Notepad or
Notepad++ in Windows Server.

Then decrypt the encrypted private key using the openssl Linux command.

openssl rsa -in encrypted.txt -out plain.txt

Download and install KeyStore Explorer in Windows Server.

Launch KeyStore Explorer 5.5.1.

Click Create a new KeyStore.

Click JKS.

Click OK.

Click Import Key Pair.

Click OpenSSL.

Click OK.

Uncheck Encrypted Private Key.

Browse OpenSSL Private Key File. (plain.txt)

Browse Certificate(s) File. (chain.crt generated from GoDaddy Wildcard SSL
certificate)

Click Import.

Enter Alias: unifi

Click OK.

Enter New Password: aircontrolenterprise

Confirm New Password: aircontrolenterprise

Click OK.

Click OK.

Click Save.

Enter New Password: aircontrolenterprise

Confirm New Password: aircontrolenterprise

Save KeyStore As: keystore (filename without extension)

Click Save.

Launch WinSCP in Windows Server.

Transfer keystore file to /srv/unifi/data.

Browse to /data/unifi-core/config. Create backup folder.

Move default/original unifi-core.crt and unifi-core.key to above backup
folder.

Upload plain.txt to /data/unifi-core/config as unifi-core.key.

Upload chain.crt (generated from GoDaddy Wildcard SSL certificate) to
/data/unifi-core/config as unifi-core.crt

Reboot UniFi Cloud Key Gen 2 Plus network controller. You MUST reboot for
it to take effect!

SUCCESS!

Browse to https://cloudkey.teo-en-ming-corp.com on your favorite web
browser. You should see a padlock icon on the browser address bar. This
means that the Wildcard SSL certificate was installed correctly.

I started doing it at 5.00 PM and completed doing it at 6.00 PM Singapore
time on 26 Oct 2022 Wednesday.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
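
Added example, not part of the original message: a pre-upload check that plain.txt really holds one decrypted private key and that chain.crt holds only certificates, run before the two files are copied to /data/unifi-core/config. The function names are hypothetical, the sample PEM bodies are constructed placeholders, and the BOM check assumes the files may have been saved as UTF-8 from Notepad.

```python
import base64
import re

# One PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, encrypted, body_ok) for every PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        headers = [l.replace(" ", "") for l in lines if ":" in l]
        try:
            base64.b64decode("".join(l for l in lines if ":" not in l), validate=True)
            body_ok = True
        except ValueError:
            body_ok = False
        # PKCS#8 marks encryption in the label, the legacy format in a Proc-Type header.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:4,ENCRYPTED" in headers
        out.append((label, encrypted, body_ok))
    return out

def check_upload(key_text, crt_text):
    """Return a list of problems; an empty list means the pair is ready to upload."""
    problems = []
    # Assumption: a BOM left by a Windows editor should be removed before upload.
    if key_text.startswith("\ufeff") or crt_text.startswith("\ufeff"):
        problems.append("UTF-8 BOM before PEM header, re-save without BOM")
    keys, certs = pem_blocks(key_text), pem_blocks(crt_text)
    private = [b for b in keys if b[0].endswith("PRIVATE KEY")]
    if len(private) != 1:
        problems.append("key file must hold exactly one private key")
    if any(enc for _, enc, _ in private):
        problems.append("private key is still encrypted")
    if any(label.endswith("PRIVATE KEY") for label, _, _ in certs):
        problems.append("certificate file contains a private key")
    if not any(label == "CERTIFICATE" for label, _, _ in certs):
        problems.append("certificate file has no CERTIFICATE block")
    if not all(ok for _, _, ok in keys + certs):
        problems.append("damaged base64 body")
    return problems

B64 = "Q09OU1RSVUNURUQ="  # constructed placeholder body, not real key material

def sample_pem(label, headers=""):
    """Build a constructed PEM block for demonstration."""
    return f"-----BEGIN {label}-----\n{headers}{B64}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(check_upload(sample_pem("ENCRYPTED PRIVATE KEY"), sample_pem("CERTIFICATE")))
```

To use it on real files, read plain.txt and chain.crt with open(path, encoding="utf-8").read() and pass the two strings to check_upload.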