PKI authentication
For PKI certificate-based authentication, you must create two certificates using the same CA. One certificate will be used for FortiMail HTTP server and the other certificate will be associated with an admin user. Both the user certificates and private key has to be moved to the PC running the script. The CA certificate needs to be copied to the PC as well. Otherwise CURL will not be able to verify the FortiMail certificate.
To use PKI admin authentication
- Enable PKI mode with the following CLI command:
- Create a PKI user under Domain & User > User > PKI User.
- Create an admin account using PKI authentication type under System > Administrator > Administrator.
- Split the PKCS12 certificate into cert and key. They will be used when you log in to FortiMail.
config system global
set pki-mode enable
end
openssl pkcs12 -in test.p12 -out test.pem -nokeys
openssl pkcs12 -in test.p12 -out test.key nocerts -nodes