Administration Guide

Administrative access using certificates

Certificates can be used for administrative authentication.

Generated key pairs can also be used for this authentication. See Public key SSH access for information about generating a key pair.

To log in to the FortiGate with a certificate private key:
  1. On the PC, generate a certificate.

  2. In FortiOS, import the PEM file for the remote certificate:

    # execute vpn certificate remote import tftp certificate.pem 172.16.200.55
  3. Display the imported remote certificate:

    config certificate remote
        edit "REMOTE_Cert_1"
        next
    end
  4. Apply the remote certificate to the administrative user:

    config system admin
        edit "admin1"
            set accprofile "prof_admin"
            set vdom "root"
            set ssh-certificate "REMOTE_Cert_1"
            set password ************
        next
    end
  5. On the PC, verify that the administrator can log in to the FortiGate with the SSH certificate:

    root@PC05:~# ssh -i certificate-private.pem admin1@172.16.200.1
    FortiGate-101F $ get system status
    Version: FortiGate-101F v7.0.2,build0234,211019 (GA)
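
One way to carry out step 1 and check the result before the import in step 2. This is an added example, not part of the FortiOS guide. It assumes OpenSSL on the PC and a self-signed RSA 2048 certificate with CN=admin1; the function names are hypothetical, and the file names follow the procedure above.

```bash
#!/usr/bin/env bash
# Added example, not from the FortiOS guide. Assumptions: OpenSSL on the PC,
# a self-signed RSA 2048 certificate, CN=admin1, 365-day validity.

# gen_admin_cert DIR [CN]
# Writes DIR/certificate-private.pem (stays on the PC) and DIR/certificate.pem
# (the file imported in step 2).
gen_admin_cert() {
    local dir="$1" cn="${2:-admin1}"
    (
        umask 077   # create the private key readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=${cn}" \
            -keyout "${dir}/certificate-private.pem" \
            -out "${dir}/certificate.pem" 2>/dev/null
    ) || return 1
    chmod 600 "${dir}/certificate-private.pem"   # OpenSSH ignores keys readable by others
    chmod 644 "${dir}/certificate.pem"
}

# cert_matches_key CERT KEY
# Succeeds only when the certificate and the private key share one public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# safe_to_import CERT KEY
# Pre-import gate: TFTP is unauthenticated cleartext, so the file sent over it
# must hold the certificate only, and it must pair with the key used by ssh -i.
safe_to_import() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing: $1 contains private key material" >&2
        return 1
    fi
    cert_matches_key "$1" "$2" || {
        echo "refusing: $1 does not match $2" >&2
        return 1
    }
}
```

After sourcing the file, run `gen_admin_cert .` followed by `safe_to_import certificate.pem certificate-private.pem`, and place `certificate.pem` on the TFTP server only when the second command succeeds.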