Fortinet black logo

Cookbook

Generating the G Suite certificate

Copy Link
Copy Doc ID 502fabff-dbf1-11ea-96b9-00505692583a:731026
Download PDF

Generating the G Suite certificate

You must first generate certificates to authenticate the LDAP client with Secure LDAP service.

To generate certificate authentication:
  1. From the Google Admin console, go to Apps > LDAP.
  2. Select one of the clients in the list.
  3. Click the Authentication card.
  4. Click GENERATE NEW CERTIFICATE, then click the download icon to download the certificate.
  5. Upload the certificate to your client, and configure the application.
    Depending on the type of LDAP client, configuration may require LDAP access credentials. See Generate access credentials.

Once you have uploaded the certificate to your client, G Suite will generate a client certificate and key.

Example:

  • Cert: Google_2022_09_09_72372.crt
  • Key: Google_2022_09_09_72372.key

Store the certificate and key in a safe place.

By default, FortiAuthenticator will not trust the certificate issued by Google. You must install a Google Trusted CA to match the chain group, which can be downloaded at https://pki.goog/.

  • GS Root R2

Generating the G Suite certificate

You must first generate certificates to authenticate the LDAP client with Secure LDAP service.

To generate certificate authentication:
  1. From the Google Admin console, go to Apps > LDAP.
  2. Select one of the clients in the list.
  3. Click the Authentication card.
  4. Click GENERATE NEW CERTIFICATE, then click the download icon to download the certificate.
  5. Upload the certificate to your client, and configure the application.
    Depending on the type of LDAP client, configuration may require LDAP access credentials. See Generate access credentials.

Once you have uploaded the certificate to your client, G Suite will generate a client certificate and key.

Example:

  • Cert: Google_2022_09_09_72372.crt
  • Key: Google_2022_09_09_72372.key

Store the certificate and key in a safe place.

By default, FortiAuthenticator will not trust the certificate issued by Google. You must install a Google Trusted CA to match the chain group, which can be downloaded at https://pki.goog/.

  • GS Root R2