Administration Guide

Configuring FortiOS

To configure FortiOS:
  1. Go to System > Certificates. If Certificates is unavailable, enable the feature in System > Feature Visibility > Certificates.
  2. Import the CA certificate:
    1. Select Import > CA Certificate.
    2. For Type, select File.
    3. Use the Upload button to locate the CA certificate that you generated in Creating certificates in FortiAuthenticator.
    4. Click OK. The uploaded certificate appears under Remote CA Certificate with the name CA_Cert_1. You can identify the certificate by the Subject column. In this example, the Subject column displays CN=lab.
  3. Import the server certificate:
    1. Select Import > Local Certificate.
    2. For Type, select PKCS #12 Certificate.
    3. Use the Upload button to locate the server certificate that you generated in Creating certificates in FortiAuthenticator.
    4. Enter the password that you defined when exporting the certificate-key pair. Click OK.
  4. To use certificate authentication, you must create PKI users in the CLI. Enter the following commands:

    config user peer
        edit JimHalpert
            set ca CA_Cert_1
            set subject jhalpert
        next
    end

  5. Configure VPN settings:
    1. Go to VPN > SSL-VPN Settings.
    2. Locate Server Certificate and find the server certificate that you uploaded.
    3. Enable Require Client Certificate.
    4. Click Apply.
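
An added example, not part of the Fortinet guide: a Python check that reads the text of a saved FortiOS configuration and reports any `config user peer` entry that lacks the CA or subject binding set in step 4. The sample configuration, the peers `PamBeesly` and `Contractor`, the hostname and the function names are constructed for illustration; it assumes the backup uses the same `config`/`edit`/`set`/`next`/`end` layout as the commands above.

```python
import re

# Constructed sample of a FortiOS config backup fragment. JimHalpert, CA_Cert_1 and
# jhalpert come from the procedure above; the other two peers are hypothetical.
SAMPLE_CONFIG = """\
config system global
    set hostname "lab-fgt"
end
config user peer
    edit "JimHalpert"
        set ca "CA_Cert_1"
        set subject "jhalpert"
    next
    edit "PamBeesly"
        set ca "CA_Cert_1"
    next
    edit "Contractor"
        set subject "contractor"
    next
end
"""

def parse_peers(config_text):
    """Return {peer_name: {setting: value}} from the 'config user peer' block."""
    peers, current, in_block = {}, None, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "config user peer":
            in_block = True
        elif not in_block:
            continue                      # skip every other config section
        elif line == "end":
            break                         # end of the peer block
        elif line.startswith("edit "):
            current = peers.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2).strip().strip('"')
    return peers

def audit_peers(config_text, expected_ca="CA_Cert_1"):
    """Return (peer, problem) pairs for peers not pinned to the CA and a subject."""
    findings = []
    for name, settings in parse_peers(config_text).items():
        if settings.get("ca") != expected_ca:
            findings.append((name, f"ca is not {expected_ca}"))
        if not settings.get("subject"):
            findings.append((name, "subject is not set"))
    return findings
```

Calling `audit_peers()` on the text of a configuration backup returns an empty list when every PKI user carries both settings.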
