Device certificate self-enrollment is a method for local and remote users to obtain certificates for their devices. It can be used to enable EAP-TLS for BYOD configurations, or for VPN authentication. For example:
- A user brings their tablet to a BYOD organization.
- They log in to FortiAuthenticator and create a certificate for the device.
- With their certificate, username, and password they can authenticate to gain access to the wireless network.
- Without the certificate, they are unable to access the network.
|EAP-TLS is a bidirectional certificate authentication method; the client and the FortiAuthenticator EAP need to have matching certificates from the same CA.
To enable device self-enrollment and adjust self-enrollment settings, go to Authentication > Self-service Portal > Device Self-enrollment and select Enable user device certificate self-enrollment.
|SCEP must be enabled to activate this feature, see SCEP.
The following settings can be configured:
Select OK to apply any changes you have made.