Fortinet black logo

Cookbook

Configure the local root CA

Copy Link
Copy Doc ID 52c06fe2-eb01-11eb-97f7-00505692583a:48543
Download PDF

You can now configure a local CA on FortiAuthenticator. This will be used to generate client certificates for authentication via EAP-TLS.

To configure the Local Root CA:
  1. In Certificate Management > Certificate Authorities > Local CAs, select Create New.
  2. Configure the following settings:
    1. Set the Certificate ID to the Local_Root_CA_Name.
    2. In Certificate Authority Type, set the Certificate Type to Root CA.
    3. In Subject Information, configure the Name, Department, Company, City, State/Province, Country, and Email address for your certificate.
    4. In Advanced Options > Key Usages, choose all Key Usages and Extended Key Usages.
  3. Leave all other settings as their default, and click OK.

You can now configure a local CA on FortiAuthenticator. This will be used to generate client certificates for authentication via EAP-TLS.

To configure the Local Root CA:
  1. In Certificate Management > Certificate Authorities > Local CAs, select Create New.
  2. Configure the following settings:
    1. Set the Certificate ID to the Local_Root_CA_Name.
    2. In Certificate Authority Type, set the Certificate Type to Root CA.
    3. In Subject Information, configure the Name, Department, Company, City, State/Province, Country, and Email address for your certificate.
    4. In Advanced Options > Key Usages, choose all Key Usages and Extended Key Usages.
  3. Leave all other settings as their default, and click OK.