PKI authentication

For PKI certificate-based authentication, you must create two certificates using the same CA. One certificate is used for the FML HTTP server and the other is associated with an admin user. Both the user certificate and its private key have to be moved to the PC running the script. The CA certificate needs to be copied to the PC as well; otherwise curl will not be able to verify the FML certificate.

To use PKI admin authentication:

  1. Enable PKI mode with the following CLI command:

    config system global
    set pki-mode enable
    end

  2. Create a PKI user under User > PKI User.
  3. Create an admin account using PKI authentication type under System > Administrator.
  4. Split the PKCS12 certificate into cert and key. They will be used when you log in to FortiMail.

    openssl pkcs12 -in test.p12 -out test.pem -nokeys
    openssl pkcs12 -in test.p12 -out test.key -nocerts -nodes
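
The split step above can be checked before the files are used to log in. The following is an added example, not Fortinet's code: it splits a bundle, confirms that the key belongs to the certificate, and confirms that the certificate chains to the CA. The demo CA, the subjects, the password `demo` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All names, subjects and the password are constructed for the demo.

# Split PKCS#12 bundle $1 (password $2) into client cert $3 and private key $4.
split_p12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts -out "$3" 2>/dev/null || return 1
    # -nodes writes the key unencrypted, so create the file owner-only.
    ( umask 077; openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$4" 2>/dev/null )
}

# Succeeds only if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if certificate $2 chains to CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA, admin certificate and test.p12 in directory $1 (demo input only).
make_demo_bundle() {
    printf '[dn]\nCN=demo\n[req]\ndistinguished_name=dn\nx509_extensions=ca\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/demo.cnf"
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-admin" -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/user.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/user.pem" -inkey "$1/user.key" \
        -passout pass:demo -out "$1/test.p12"
}

DEMO_DIR=$(mktemp -d)
make_demo_bundle "$DEMO_DIR" &&
split_p12 "$DEMO_DIR/test.p12" demo "$DEMO_DIR/test.pem" "$DEMO_DIR/test.key" &&
key_matches_cert "$DEMO_DIR/test.pem" "$DEMO_DIR/test.key" &&
chains_to_ca "$DEMO_DIR/ca.pem" "$DEMO_DIR/test.pem" &&
echo "test.pem and test.key match and chain to ca.pem"
```

The three resulting files correspond to curl's `--cert`, `--key` and `--cacert` options.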
