- On the FortiAuthenticator, go to Certificate Management > Certificate Authorities > Local CAs and select Import.
- Select the Certificate authority configured with the HSM from the dropdown menu, and set the Hash algorithm to SHA-256. Click OK.
- Once imported, you should see that the certificate has been signed by the FortiAuthenticator, showing a Status of Active, and with the CA Type of Intermediate (non-signing) CA.
- Highlight the certificate and select Export Certificate.
Set Type to CSR to sign, enter a Certificate ID, and import the CSR file.
This will save a .crt file to your local drive.