Fortinet black logo

Cookbook

Configuring the certificates

Copy Link
Copy Doc ID 53d09085-7746-11e9-81a4-00505692583a:644532
Download PDF

Configuring the certificates

  1. On the FortiAuthenticator, go to Certificate Management > Certificate Authorities > Local CAs and create a new root CA.
  2. Go to Certificate Management > End Entities > Local Services and configure a certificate used for EAP-TLS.
  3. Go to Authentication > RADIUS Service > EAP and set up the EAP configuration.
  4. If client certificates were not created by FortiAuthenticator, the 3rd-party server certificate would be uploaded on to FortiAuthenticator as a Trusted CA.

    In this example, FortiAuthenticator creates the client certificates.

  5. Go to Certificate Management > End Entities > Users and create a client certificate. The CN must match the full DNS name of the intended computer.
  6. Select Export Key and Cert (with a Passphrase to protect it) and download the PKCS#12 file.

    The client certificate can be pushed out using Group Policy Object (GPO). Otherwise, it can be imported manually.

Configuring the certificates

  1. On the FortiAuthenticator, go to Certificate Management > Certificate Authorities > Local CAs and create a new root CA.
  2. Go to Certificate Management > End Entities > Local Services and configure a certificate used for EAP-TLS.
  3. Go to Authentication > RADIUS Service > EAP and set up the EAP configuration.
  4. If client certificates were not created by FortiAuthenticator, the 3rd-party server certificate would be uploaded on to FortiAuthenticator as a Trusted CA.

    In this example, FortiAuthenticator creates the client certificates.

  5. Go to Certificate Management > End Entities > Users and create a client certificate. The CN must match the full DNS name of the intended computer.
  6. Select Export Key and Cert (with a Passphrase to protect it) and download the PKCS#12 file.

    The client certificate can be pushed out using Group Policy Object (GPO). Otherwise, it can be imported manually.