Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiGuest 1.3.1 User Guide
    1.3.1
    1.3.1
    1.3.0
    1.2.0
    1.1.0
    1.0.0

    SCEP Servers and Local Certificate Authorities

    SCEP Servers and Local Certificate Authorities

    FortiGuest allows distribution of certificates to devices when they are authenticated onto the network. This is achieved in the following methods.

    • You can generate user certificates on an external server like MS Active Directory and then add an entry in Smart Connect > SCEP Servers.

    • You can also generate certificates internally on the FortiGuest in System > Local Certificate Authorities.

    • You can manually upload certificates while configuring the authentication policy. See RadSec Authentication.

    When a network user requests a Smart Connect profile, then a user certificate is generated, this is achieved by selecting EAP-TLS as an EAP type in a Smart Connect profile. You can add an SCEP Server and generate certificates internally using the Local Certificate authorities.

    Adding the SCEP Server

    Navigate to Smart Connect > SCEP Servers and configure the following parameters to add an SCEP server.

    1. Enter the Name of the SCEP Server.

    2. Enter the URL of the SCEP Server (HTTP only)

    3. Enter a Challenge Password that is required when connecting to NDES on a Windows server. If the password is not specified then the user's current password is used when generating the client certificate.

    4. Enter the Key Size.

    5. Enter the OCSP URL to send an OCSP request for validating user certificates when authenticating.

    Local Certificate Authorities

    Navigate to System > Local Certificate Authorities configure the following parameters to generate certificates internally.

    • Common Name - This is either the IP address of FortiGuest or the fully qualified domain name (FQDN) for FortiGuest. The FQDN must resolve correctly in DNS.

    • Organization - The name of your organization or company.

    • Organizational Unit (Section) - The name of the department or business unit that owns the device.

    • Locality (e.g. City) - The city where the server is located.

    • State or Province - The state where the server is located.

    • Country - Select the relevant country.

    • Maximum Lifetime in Days- The maximum lifetime of any generated certificate in days.

    • Private Key Size (bits) - The minimum size of the private key to generate. The minimum size is 512 bits.
    Previous
    Next

    SCEP Servers and Local Certificate Authorities

    SCEP Servers and Local Certificate Authorities

    FortiGuest allows distribution of certificates to devices when they are authenticated onto the network. This is achieved in the following methods.

    • You can generate user certificates on an external server like MS Active Directory and then add an entry in Smart Connect > SCEP Servers.

    • You can also generate certificates internally on the FortiGuest in System > Local Certificate Authorities.

    • You can manually upload certificates while configuring the authentication policy. See RadSec Authentication.

    When a network user requests a Smart Connect profile, then a user certificate is generated, this is achieved by selecting EAP-TLS as an EAP type in a Smart Connect profile. You can add an SCEP Server and generate certificates internally using the Local Certificate authorities.

    Adding the SCEP Server

    Navigate to Smart Connect > SCEP Servers and configure the following parameters to add an SCEP server.

    1. Enter the Name of the SCEP Server.

    2. Enter the URL of the SCEP Server (HTTP only)

    3. Enter a Challenge Password that is required when connecting to NDES on a Windows server. If the password is not specified then the user's current password is used when generating the client certificate.

    4. Enter the Key Size.

    5. Enter the OCSP URL to send an OCSP request for validating user certificates when authenticating.

    Local Certificate Authorities

    Navigate to System > Local Certificate Authorities configure the following parameters to generate certificates internally.

    • Common Name - This is either the IP address of FortiGuest or the fully qualified domain name (FQDN) for FortiGuest. The FQDN must resolve correctly in DNS.

    • Organization - The name of your organization or company.

    • Organizational Unit (Section) - The name of the department or business unit that owns the device.

    • Locality (e.g. City) - The city where the server is located.

    • State or Province - The state where the server is located.

    • Country - Select the relevant country.

    • Maximum Lifetime in Days- The maximum lifetime of any generated certificate in days.

    • Private Key Size (bits) - The minimum size of the private key to generate. The minimum size is 512 bits.
    Previous
    Next