FortiAuthenticator supports RADSEC and several IEEE 802.1X Extensible Authentication Protocol (EAP) methods, configurable from Authentication > RADIUS Service > Certificates. For more information about EAP, see Extensible Authentication Protocol.
You can specify the following certificate information:
|EAP Server Certificate||Specify the server certificate to be used with Extensible Authentication Protocol (EAP) methods.|
|RADSEC Server Certificate||
Specify the server certificate to be used with RADSEC RADIUS requests.
|Local CAs||Specify the local CA.|
|Trusted CAs||Specify trusted CAs.|
FortiAuthenticator does not support wildcard certificates for EAP server.
When using RADSEC, the certificate used to encrypt the TLS traffic between FortiAuthenticator and the RADSEC client must be configured in the Radsec Server Certificate field. Certificates can be created locally or imported to FortiAuthenticator.
When a RADSEC client connects to FortiAuthenticator through TLS on the specified port, after being decrypted, they are handled by the FortiAuthenticator's RADIUS daemon like standard RADIUS requests via UDP. The maximum number of simultaneous RADSEC clients supported is 500. The default RADSEC port is 2083 and can be configured in Authentication > RADIUS Service > Services. See Services