Fortinet black logo

Administration Guide

Home FortiAuthenticator 6.5.2 Administration Guide
6.5.2
6.6.1
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.0
5.3.0
5.2.0
5.1.0
5.0.0
4.3.0
4.2.1
4.2.0

General

General

As an administrator, you can allow FortiAuthenticator to either automatically sign the user’s certificate or alert you about the request for a signature.

To enable SCEP and configure general settings:
  1. Go to Certificate Management > SCEP > General, and select Enable SCEP.
  2. Configure the following settings:
    Default CAFrom the dropdown, select the default local CA used to issue certificates via SCEP.
    Default enrollment password

    Enter the default enrollment password that is used when not setting a random password.

    Note: You can still choose between the default password or a randomly generated password when creating a new enrollment request.

    Enrollment method

    Select the enrollment method:

    • Automatic: The certificate is pre-approved by the administrator. The administrator enters the certificate information on FortiAuthenticator and gives the user a challenger password to use when submitting their request.
    • Manual and Automatic: The user submits the CSR, the request shows up as pending on FortiAuthenticator unit, then the administrator manually approves the pending request. Optionally, enter an email address to be informed of pending approval notifications.

    Revoke the old certificate on renewal

    Enable to revoke the old certificate after it is renewed.

  3. Select Save to apply any changes you have made.
Previous
Next

General

As an administrator, you can allow FortiAuthenticator to either automatically sign the user’s certificate or alert you about the request for a signature.

To enable SCEP and configure general settings:
  1. Go to Certificate Management > SCEP > General, and select Enable SCEP.
  2. Configure the following settings:
    Default CAFrom the dropdown, select the default local CA used to issue certificates via SCEP.
    Default enrollment password

    Enter the default enrollment password that is used when not setting a random password.

    Note: You can still choose between the default password or a randomly generated password when creating a new enrollment request.

    Enrollment method

    Select the enrollment method:

    • Automatic: The certificate is pre-approved by the administrator. The administrator enters the certificate information on FortiAuthenticator and gives the user a challenger password to use when submitting their request.
    • Manual and Automatic: The user submits the CSR, the request shows up as pending on FortiAuthenticator unit, then the administrator manually approves the pending request. Optionally, enter an email address to be informed of pending approval notifications.

    Revoke the old certificate on renewal

    Enable to revoke the old certificate after it is renewed.

  3. Select Save to apply any changes you have made.
Previous
Next