PKI authentication

For PKI certificate-based authentication, you must create two certificates using the same CA. One certificate is used for the FortiMail (FML) HTTP server and the other is associated with an admin user. Both the user certificate and its private key must be moved to the PC running the script. The CA certificate must be copied to the PC as well; otherwise, curl cannot verify the FortiMail certificate.

To use PKI admin authentication:

  1. Enable PKI mode with the following CLI command:

    config system global
    set pki-mode enable
    end

  2. Create a PKI user under User > PKI User.
  3. Create an admin account using PKI authentication type under System > Administrator.
  4. Split the PKCS12 certificate into cert and key. They will be used when you log in to FortiMail.

    openssl pkcs12 -in test.p12 -out test.pem -nokeys
    openssl pkcs12 -in test.p12 -out test.key -nocerts -nodes
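
The following added example (not Fortinet's code) wraps the two split commands above and checks the result before curl uses it: the key is created owner-readable only, the certificate must match the key, and it must chain to the CA. The function names, the `P12_PASS` variable and the throwaway files made by `make_demo_bundle` are constructed for illustration.

```shell
#!/bin/sh
# Added example: split the admin PKCS12 bundle with the page's two openssl
# commands, then check the pieces before a curl script relies on them.

# usage: P12_PASS=... split_p12 <in.p12> <out.pem> <out.key>
# -nodes writes the key unencrypted, so create it owner-readable only.
# P12_PASS must be exported; the passphrase stays off the command line.
split_p12() {
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -out "$2" -nokeys &&
      openssl pkcs12 -in "$1" -passin env:P12_PASS -out "$3" -nocerts -nodes
    )
}

# Succeeds when the certificate and private key carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when the certificate chains to the CA certificate (CA file first).
issued_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway CA and admin bundle in directory $1.
make_demo_bundle() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
          -keyout ca.key -out ca.pem &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-admin" \
          -keyout admin.key -out admin.csr &&
      openssl x509 -req -in admin.csr -CA ca.pem -CAkey ca.key \
          -CAcreateserial -days 1 -out admin.crt &&
      openssl pkcs12 -export -inkey admin.key -in admin.crt \
          -passout env:P12_PASS -out test.p12
    ) >/dev/null 2>&1
}
```

With real files, the resulting `test.pem` and `test.key` are what curl takes as `--cert` and `--key`, and the CA certificate is what it takes as `--cacert`.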
