WiFi using FortiAuthenticator RADIUS with certificates
This recipe will walk you through the configuration of FortiAuthenticator as the RADIUS server for a FortiGate wireless controller. WPA2-Enterprise with 802.1X authentication can be used to authenticate wireless users with FortiAuthenticator. 802.1X utilizes the Extensible Authentication Protocol (EAP) to establish a secure tunnel between participants involved in an authentication exchange.
EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate. Every end user, including the authentication server, that participates in EAP-TLS must possess at least two certificates:
- A client certificate signed by the certificate authority (CA)
- A copy of the CA root certificate.
This recipe specifically focuses on the configuration of the FortiAuthenticator, FortiGate, and Windows 10 computer.