Certificate authentication requires three certificates:
- Certificate Authority (CA) certificate
- Server certificate that the CA certificate has signed
- Client certificate that the CA certificate has signed
If the selected CA is well-known, such as Digicert or Comodo, the CA certificate may be preinstalled on the endpoint. Instead, this example uses FortiAuthenticator as a CA to sign the client and server certificates. In this example, you must import the CA certificate in FortiAuthenticator to the endpoint and FortiOS.