Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiNAC 8.5.3 Release Notes
    8.5.3
    9.4.8
    9.4.7
    9.4.6
    9.4.5
    9.4.4
    9.4.3
    9.4.2
    9.4.1
    9.4.0
    9.2.8
    9.2.7
    9.2.6
    9.2.5
    9.2.4
    9.2.3
    9.2.2
    9.2.1
    9.2.0
    9.1.10
    9.1.9
    9.1.8
    9.1.7
    9.1.6
    9.1.5
    9.1.4
    9.1.3
    9.1.2
    9.1.0
    8.8.11
    8.8.10
    8.8.9
    8.8.8
    8.8.7
    8.8.6
    8.8.5
    8.8.4
    8.8.3
    8.8.2
    8.8.1
    8.8.0
    8.7.6
    8.7.5
    8.7.4
    8.7.2
    8.7.1
    8.7.0
    8.6.5
    8.6.4
    8.6.3
    8.6.2
    8.6.1
    8.6.0
    8.5.4
    8.5.3
    8.5.2
    8.5.1
    8.3.7
    8.3.6

    Create a keystore for SSL or TLS

    Create a keystore for SSL or TLS

    When using SSL or TLS security protocols for communications between FortiNAC and some servers (such as LDAP directory, Fortinet EMS and Nozomi servers) a security certificate may be required. The need for the certificate is dependent upon the configuration of the directory. In most cases, FortiNAC automatically imports the certificate it needs. However, if this is not the case, use the following steps to import the certificate.

    Certificate Import Instructions:

    1. Once the certificate from the CA has been received, login to the FortiNAC server CLI as root.
      Note: If using NAC-OS, login to CLI as admin then run:
      execute enter-shell
    2. Copy the file to the /home/admin directory.
    3. Use the keytool command to import the certificate into a keystore file.
      keytool -import -trustcacerts -alias ldap_client -file /home/admin/MainCertificate.der -keystore .keystore
      Example using certificate file named MainCertificate.der:
      keytool -import -trustcacerts -alias ldap_client -file MainCertificate.der -keystore .keystore
      For additional information on using the keytool key and certificate management tool go to the Sun web site java.sun.com.
    4. When the script responds with the Trust this certificate? prompt, type Yes and press Enter.
    5. At the prompt for the keystore password, type in the following password and press Enter ^8Bradford%23
    6. To view the certificate, navigate to the /home/admin directory and type the following:
      keytool -list -v -keystore .keystore
    7. Type the password used to import the certificate and press Enter.
    8. Verify connection to the directory. In the Administration UI, navigate to System > Settings > Authentication > LDAP.
    9. Double click the directory model and click the Validate Credentials button.

    If unable to connect, restart the FortiNAC control process to clear any cached information:

    1. In the FortiNAC CLI, type:

      sudo shutdownCampusMgr

    2. Wait 30 seconds
    3. Type:

      sudo startupCampusMgr

    Previous
    Next

    Create a keystore for SSL or TLS

    Create a keystore for SSL or TLS

    When using SSL or TLS security protocols for communications between FortiNAC and some servers (such as LDAP directory, Fortinet EMS and Nozomi servers) a security certificate may be required. The need for the certificate is dependent upon the configuration of the directory. In most cases, FortiNAC automatically imports the certificate it needs. However, if this is not the case, use the following steps to import the certificate.

    Certificate Import Instructions:

    1. Once the certificate from the CA has been received, login to the FortiNAC server CLI as root.
      Note: If using NAC-OS, login to CLI as admin then run:
      execute enter-shell
    2. Copy the file to the /home/admin directory.
    3. Use the keytool command to import the certificate into a keystore file.
      keytool -import -trustcacerts -alias ldap_client -file /home/admin/MainCertificate.der -keystore .keystore
      Example using certificate file named MainCertificate.der:
      keytool -import -trustcacerts -alias ldap_client -file MainCertificate.der -keystore .keystore
      For additional information on using the keytool key and certificate management tool go to the Sun web site java.sun.com.
    4. When the script responds with the Trust this certificate? prompt, type Yes and press Enter.
    5. At the prompt for the keystore password, type in the following password and press Enter ^8Bradford%23
    6. To view the certificate, navigate to the /home/admin directory and type the following:
      keytool -list -v -keystore .keystore
    7. Type the password used to import the certificate and press Enter.
    8. Verify connection to the directory. In the Administration UI, navigate to System > Settings > Authentication > LDAP.
    9. Double click the directory model and click the Validate Credentials button.

    If unable to connect, restart the FortiNAC control process to clear any cached information:

    1. In the FortiNAC CLI, type:

      sudo shutdownCampusMgr

    2. Wait 30 seconds
    3. Type:

      sudo startupCampusMgr

    Previous
    Next