Creating a PKI/peer user

A PKI/peer user is a digital certificate holder. A FortiOS PKI user account contains the information required to determine which CA certificate to use to validate the user's certificate. You can include a peer user in a firewall user group or peer certificate group used in IPsec VPN.

To define a peer user, you need the following:

  • Peer username
  • Text from the user's certificate's subject field, or the name of the CA certificate used to validate the user's certificate

To create a peer user for PKI authentication:

config user peer
    edit peer1
        set subject peer1@mail.example.com
        set ca CA_Cert_1
    next
end

You can add or modify other configuration settings for PKI authentication, such as using an LDAP server to check client certificate access rights. See the FortiOS CLI Reference.
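
A pre-check an administrator could run on a workstation before creating the peer, as an added example that is not from the Fortinet documentation: it confirms that the user's certificate validates under the CA file corresponding to the `set ca` entry, then prints the peer stanza. The function names, the throwaway sample certificates, and the choice of the certificate's commonName as the subject text are assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names and sample data are assumptions.

# Succeed only if certificate $2 chains to the CA in file $1.
# -no-CApath keeps the system trust directory out of the decision.
cert_ok() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the commonName from the subject of certificate $1.
subject_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Print a peer stanza. Args: peer name, FortiOS CA name, CA PEM file, user PEM file.
# Assumption: the CN is the subject text to match; values are quoted to allow spaces.
peer_stanza() {
    cert_ok "$3" "$4" || { echo "certificate does not validate under $2" >&2; return 1; }
    cn=$(subject_cn "$4")
    [ -n "$cn" ] || { echo "no commonName in subject" >&2; return 1; }
    printf 'config user peer\n    edit "%s"\n        set subject "%s"\n' "$1" "$cn"
    printf '        set ca "%s"\n    next\nend\n' "$2"
}

# Constructed sample data: a throwaway CA and user certificate in directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Test CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=peer1@mail.example.com' \
        -keyout "$1/u.key" -out "$1/u.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/u.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/u.pem" 2>/dev/null
}

# Demo on the constructed certificates; prints the stanza for peer1.
tmp=$(mktemp -d) && make_sample "$tmp" &&
    peer_stanza peer1 CA_Cert_1 "$tmp/ca.pem" "$tmp/u.pem"
rm -rf "$tmp"
```

A certificate issued by a different CA makes `peer_stanza` return non-zero and print nothing to standard output, so a mismatch between the certificate and the CA is caught before the peer is configured.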
