A PKI/peer user is a digital certificate holder. A FortiOS PKI user account contains the information required to determine which CA certificate to use to validate the user's certificate. You can include a peer user in a firewall user group or peer certificate group used in IPsec VPN.
To define a peer user, you need the following:
- Peer username
- Text from the subject field of the user's certificate, or the name of the CA certificate used to validate the user's certificate
To create a peer user for PKI authentication:
config user peer
    edit <peer_name>
        set subject email@example.com
        set ca CA_Cert_1
    next
end
You can add or modify other configuration settings for PKI authentication, including using an LDAP server to check client certificate access rights. See the FortiOS CLI Reference.
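The following added example (not part of the original documentation) shows a peer user defined with both a subject string and a CA, then referenced from a peer certificate group and a firewall user group as described above. The names peer_alice, vpn_peers and pki_users are hypothetical; CA_Cert_1 and the subject value are the ones used on this page.

```text
# Added example. Object names are hypothetical placeholders.
# Define the peer user: the client certificate must validate against
# CA_Cert_1 and carry the configured subject text.
config user peer
    edit "peer_alice"
        set ca "CA_Cert_1"
        set subject "email@example.com"
    next
end

# Peer certificate group, for use in IPsec VPN certificate authentication.
config user peergrp
    edit "vpn_peers"
        set member "peer_alice"
    next
end

# Firewall user group containing the same peer user.
config user group
    edit "pki_users"
        set member "peer_alice"
    next
end
```

Setting both `subject` and `ca` ties the account to one certificate identity under one issuer, rather than to any certificate that the CA has signed.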