Administration Guide

Download PDF
Copy Link

Create a keystore for SSL or TLS

If you choose to use SSL or TLS for communications with your LDAP directory, FortiNAC must be able to validate the directory server's certificate. Obtain a valid certificate from the Certificate Authority that issued the LDAP server's certificate (the CA certificate, or the server certificate itself when it is not CA-signed). That certificate must be saved to a specific directory on your FortiNAC appliance and imported into the keystore that FortiNAC consults when it opens the connection.

SSL or TLS is selected on the Directory Configuration window when you set up the connection to your LDAP directory. Follow the steps below to import your certificate. You must be logged in as root to follow this procedure.

  1. When you have received the certificate from the Certificate Authority, copy the file to the /bsc/campusMgr/ directory on your FortiNAC server.
  2. Change to the /bsc/campusMgr/ directory. The commands below refer to the keystore by the relative path .keystore, so they must be run from there.
  3. Use the keytool command to import the certificate into the keystore file. For example, if your certificate file is named MainCertificate.der, you would type the following (replace <MyLDAP> with an alias of your choosing, such as the name of the directory server):

    keytool -import -trustcacerts -alias <MyLDAP> -file MainCertificate.der -keystore .keystore

    Note

    keytool -import reads X.509 certificates in either binary DER or Base64 (PEM) encoding, so the file extension itself does not matter. If the CA supplied the certificate inside another container, such as PKCS#12, extract the certificate first. For additional information on the keytool key and certificate management tool, see the keytool documentation on the Java web site (java.sun.com, now maintained by Oracle).

  4. At the prompt for the keystore password, type the default keystore password and press Enter:

    ^8Bradford%23

  5. keytool then prints the certificate's owner, issuer, serial number, validity period and fingerprints and asks Trust this certificate? Compare the fingerprints with the values published by the Certificate Authority before answering. If they match, type yes and press Enter.
  6. To verify the import, stay in the /bsc/campusMgr/ directory and type the following:

    keytool -list -v -keystore .keystore

  7. Type the keystore password from step 4 and press Enter. The output should contain an entry with the alias you chose and the entry type trustedCertEntry. keytool stores aliases case-insensitively, so the alias is shown in lowercase.

    Note

    The keystore is read once at startup and cached. Restart FortiNAC after making any change to the keystore; the new certificate is not used until you do.
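The whole procedure above as one shell script, added here as an example; it is not part of the Fortinet page or of FortiNAC. It assumes the certificate file name and alias used in the steps (MainCertificate.der, MyLDAP) and that keytool is on PATH on the appliance. Beyond the steps as written, it prints the certificate's fingerprints before the trust prompt, hands the keystore password to keytool through the environment rather than on the command line, and parses the keytool -list output to confirm that the alias was stored as a trusted-certificate entry.

```shell
#!/bin/sh
# Added example, not from the Fortinet page: the import procedure as one script, with
# the checks an operator would want around it. Assumed (not stated on the page): the
# certificate file name, the alias "MyLDAP", and that keytool is on PATH on the
# appliance. Run as root; the keystore is addressed by its relative path .keystore, so
# the procedure changes into /bsc/campusMgr/ first.

KEYSTORE_DIR=/bsc/campusMgr
KEYSTORE=.keystore

# keytool -import reads both binary DER and Base64 PEM certificates; the file extension
# is irrelevant. Inspect the content so the log records which encoding was imported.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    else
        echo der
    fi
}

# Check a "keytool -list -v" listing for the alias as a trusted-certificate entry.
# JKS aliases are case-insensitive and keytool prints them lowercased, so compare
# without regard to case. Returns 0 only if the alias exists AND is a trustedCertEntry
# (a PrivateKeyEntry under the same name would not make LDAPS trust the CA).
listing_has_trusted_alias() {
    listing="$1"
    wanted=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$listing" | awk -v a="$wanted" '
        /^Alias name: / { found = (tolower(substr($0, 13)) == a) }
        found && /^Entry type: trustedCertEntry/ { ok = 1 }
        END { if (ok) exit 0; exit 1 }'
}

# Interactive procedure. The certificate is printed before the import so its
# fingerprints can be compared with the values the CA published before "yes" is typed
# at keytool's "Trust this certificate?" prompt. The keystore password is read once and
# passed to keytool via -storepass:env, which keeps it off the command line and out of
# ps output and shell history.
import_ldap_cert() {
    alias="$1"; certfile="$2"
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    cd "$KEYSTORE_DIR" || return 1
    [ -r "$certfile" ] || { echo "$certfile not found in $KEYSTORE_DIR" >&2; return 1; }

    echo "Importing $certfile ($(cert_format "$certfile")) under alias $alias"
    keytool -printcert -file "$certfile" || return 1

    printf 'Keystore password: '
    stty -echo; read -r KEYSTORE_PASS; stty echo; echo
    export KEYSTORE_PASS
    keytool -import -trustcacerts -alias "$alias" -file "$certfile" \
        -keystore "$KEYSTORE" -storepass:env KEYSTORE_PASS || { unset KEYSTORE_PASS; return 1; }
    listing=$(keytool -list -v -keystore "$KEYSTORE" -storepass:env KEYSTORE_PASS)
    unset KEYSTORE_PASS

    if listing_has_trusted_alias "$listing" "$alias"; then
        echo "Alias $alias is in $KEYSTORE; restart FortiNAC so the cached keystore is reloaded."
    else
        echo "Alias $alias not found as trustedCertEntry after import" >&2
        return 1
    fi
}

# Usage on the appliance:  import_ldap_cert MyLDAP MainCertificate.der
```

The two helpers are deliberately separate from the interactive part: cert_format and listing_has_trusted_alias need no keytool and can be exercised on their own, while import_ldap_cert is what you actually run on the appliance. The listing check matches the alias case-insensitively because keytool lowercases it, so a listing that shows myldap still satisfies a request for MyLDAP.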
