This article describes how to extract installed SSL certs for tomcat/portal/agent.
Scope
FortiNAC-C, FortiNAC-F.
Solution
Step 1: Export the certificate from the Java Keystore and import it into a PKCS #12 Keystore:
keytool -importkeystore -srckeystore /bsc/campusMgr/.keystore -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias <tomcat/portal/agent> -deststorepass <password> -destkeypass <password>
Step 2: Export the certificate from the PKCS12 Keystore:
openssl pkcs12 -in keystore.p12 -nokeys -out <Cert-File>
Step 3: Export the private key from the PKCS12 Keystore:
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out <PrivKey-File>
Step 4: Check and copy the certs and keys created in a notepad file on the local machine and save as .pem and .key:
cat <Cert-File/PrivKey-File>
Step 5: Upload the certs to the correct target using the FortiNAC GUI.