Creating a PKI/peer user
A PKI/peer user is a digital certificate holder. A FortiOS PKI user account contains the information required to determine which CA certificate to use to validate the user's certificate. You can include a peer user in a firewall user group or peer certificate group used in IPsec VPN.
To define a peer user, you need the following:
- Peer username
- Text from the user's certificate's subject field, or the name of the CA certificate used to validate the user's certificate
To create a peer user for PKI authentication:
config user peer
    edit peer1
        set subject peer1@mail.example.com
        set ca CA_Cert_1
    next
end
You can add or modify other configuration settings for PKI authentication, including using an LDAP server to check client certificate access rights. See the FortiOS CLI Reference.
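Before entering the subject and ca values for a peer user, you can check offline which subject text the user's certificate carries and whether it validates against the intended CA certificate. The following openssl script is an added example, not part of the FortiOS documentation. The helper names, the generated CA and user certificate, and the substring comparison of the subject text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline pre-check of the values used in "config user peer".
# All certificates are constructed, throwaway samples generated below.

# Build a sample CA and a user certificate it issues, in directory $1.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=peer1/emailAddress=peer1@mail.example.com" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/user.pem" 2>/dev/null
}

# Print the subject of certificate $1 (the text "set subject" is taken from).
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeed only if certificate $1 validates against CA certificate $2.
issued_by_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeed only if text $2 occurs in the subject of certificate $1.
# Assumption: substring comparison, used here for illustration only.
subject_contains() {
    case "$(cert_subject "$1")" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir"
echo "subject: $(cert_subject "$demo_dir/user.pem")"
if issued_by_ca "$demo_dir/user.pem" "$demo_dir/ca.pem"; then
    echo "validates against CA: yes"
else
    echo "validates against CA: no"
fi
if subject_contains "$demo_dir/user.pem" "peer1@mail.example.com"; then
    echo "subject text present: yes"
else
    echo "subject text present: no"
fi
rm -rf "$demo_dir"
```

With real files, skip make_sample_pki and pass the user's certificate and the exported CA certificate to the other three functions.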