Certificates
SSL certificates can be used to secure many different types of connections for FortiNAC. The table below outlines the uses and requirements for these certificates.
Applies to all certificates imported into or saved on FortiNAC appliances.
Certificates that use SHA2 encryption are not supported.
Valid certificates are certificates that were obtained from a signing authority, such as, VeriSign.
Update the list of Allowed Domains with the domain of the certificate vendor. See Allowed domains.
Make sure that your network has a VLAN that allows hosts in isolation to access the internet when the host attempts to reach one of the sites in the Allowed Domains list.
It is recommended that you set the home page to a HTTP URL instead of a HTTPS URL to avoid receiving a certificate warning when opening your browser in IE while in the registration VLAN.
Connection |
Types |
Required |
Format |
Location |
If no certificate |
---|---|---|---|---|---|
Admin UI |
Self-Signed or Valid |
No |
|
/bsc/services |
Works with or without a certificate. |
Portal |
Self-Signed or Valid |
No |
PEM |
Imported |
Works with or without a certificate. |
Persistent Agent |
Self-Signed or Valid |
Yes |
|
Imported |
Use agents lower than 3.0. |
Dissolvable Agent |
Self-Signed or Valid |
Yes |
|
Imported |
Use agents lower than 3.0. |
Mobile Agent |
Valid |
Yes |
|
Imported |
No workaround, must use certificate. |
LDAP |
Valid |
No |
|
/bsc/campusMgr |
Do not select SSL or TLS protocols on the Directory Configuration view. |
RADIUS Server |
Valid |
Yes with 802.1x and PEAP. |
|
Proprietary |
Use security options WEP, WPA or WPA2 , which use PSK, instead of the enterprise versions which use PEAP. |
Supplicant Configuration |
Valid |
Yes for Windows hosts if RADIUS server has certificate and uses 802.1x and PEAP. |
PEM or binary |
Imported |
Use security options WEP, WPA or WPA2 , which use PSK, instead of the enterprise versions which use PEAP. Or Windows hosts will have poor user experience with connection delays during supplicant configuration implementation. |
Palo Alto |
|
Yes |
|
N/A FortiNAC automatically imports from Palo Alto |
Required |
Associated certificate documentation
Connection |
Topic |
---|---|
Admin UI |
See SSL certificates. |
Portal |
See Portal SSL. |
Persistent Agent |
See SSL certificates. |
Dissolvable Agent |
|
Mobile Agent |
|
LDAP Directory |
|
RADIUS Server |
See the documentation for your RADIUS server. |
Supplicant Configuration |
|
Palo Alto Integration |
See Add or modify the Palo Alto User-ID agent as a pingable. |