EMS Administration Guide

Certificate path configuration for automated certificate selection

The EMS administrator can configure a certificate location in a Remote Access profile for SSL and IPsec VPN. FortiClient (Android) automatically goes to the certificate location when doing the following:

  • When selecting a certificate
  • When the user clicks Connect to connect to SSL VPN

To configure certificate path for automated certificate selection:
  1. In EMS, go to Endpoint Profiles > Remote Access.
  2. Create a new profile or edit an existing one.
  3. Click Add VPN Tunnel.
  4. Do one of the following:
    1. For an SSL VPN tunnel, enable Require Certificate.
    2. For an IPsec VPN tunnel, from the Authentication Method dropdown list, select Smart Card Certificate or System Store Certificate.
  5. In the Android Certificate Location field, enter the certificate location for the Android device. In this example, the location is certdir/. You should already have created this directory in the Android device internal storage. The certificate path can be only one level deep.
  6. Connect FortiClient (Android) to EMS.
  7. After FortiClient (Android) receives the configuration changes, do one of the following:
    1. For SSL VPN, connect to VPN. Clicking Connect automatically navigates to certdir, the configured certificate location. Clicking the certificate options in Settings for the VPN tunnel also goes to sslcertdir.

    2. For IPsec VPN, go to the tunnel, then Settings > Server settings > Certificate. FortiClient (Android) automatically navigates to certdir, the configured certificate location. Select the certificate, enter the password, then click Connect. The tunnel establishes successfully.
