Administration Guide

Create a keystore for SSL or TLS

If you choose to use SSL or TLS security protocols for communications with your LDAP directory, you must have a security certificate. You must obtain a valid certificate from a CA. That certificate must be saved to a specific directory on your FortiNAC appliance.

SSL or TLS protocols are selected on the Directory Configuration window when you set up the connection to your LDAP directory. Follow the steps below to import your certificate. You should be logged in as root to follow this procedure.

  1. When you have received your certificate from the CA, copy the file to the /bsc/campusMgr/ directory on your FortiNAC server.
  2. Use the keytool command to import the certificate into a keystore file.
  3. For example, if your certificate file is named MainCertificate.der, you would type the following:

    keytool -import -trustcacerts -alias <MyLDAP> -file MainCertificate.der -keystore .keystore

    Depending on the file extension of your certificate file, you may need to modify the command shown above. For additional information on using the keytool key and certificate management tool, see the Sun web site, java.sun.com.

  4. When the script responds with the Trust this certificate? prompt, type Yes and press Enter.
  5. At the prompt for the keystore password, type in the following password and press Enter: ^8Bradford%23

  6. To view the certificate, navigate to the /bsc/campusMgr/ directory and type the following: keytool -list -v -keystore .keystore

  7. Type the password used to import the certificate and press Enter.

The keystore is cached on startup. Therefore, it is recommended that you restart FortiNAC after making any changes to the keystore.
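The seven steps above as one checked script (an added example, not part of the Fortinet guide). It reads the keystore password from a KEYSTORE_PASS variable instead of typing it at the prompt, classifies the certificate file by content rather than by extension, and compares the SHA-256 fingerprint of the file with the stored entry after the import. Assumed, not from the page: the function and variable names and that the installed keytool prints a SHA256 fingerprint line; the /bsc/campusMgr/ path and the .keystore name are the page's own.

```shell
#!/bin/sh
# Added example: non-interactive version of the page's keytool import.
# KEYSTORE_PASS (assumed name) must hold the keystore password; -noprompt and
# -storepass are standard keytool options that replace the interactive prompts.
KEYSTORE_DIR="${KEYSTORE_DIR:-/bsc/campusMgr}"   # directory named on the page
KEYSTORE="$KEYSTORE_DIR/.keystore"

# Classify a certificate file by content: PEM carries a BEGIN CERTIFICATE line,
# DER starts with the ASN.1 SEQUENCE tag 0x30. Anything else is "unknown".
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
    echo pem
  elif [ "$(head -c 1 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
    echo der
  else
    echo unknown
  fi
}

# SHA-256 fingerprint of the certificate file, as keytool prints it.
cert_fingerprint() {
  keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# SHA-256 fingerprint of the entry stored under alias $1 in the keystore.
keystore_fingerprint() {
  keytool -list -v -keystore "$KEYSTORE" -storepass "$KEYSTORE_PASS" -alias "$1" \
    | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# Import $1 under alias $2, then confirm the stored entry matches the file.
# Return codes: 2 no password, 3 unrecognised file, 4 keytool failed, 5 mismatch.
import_ldap_cert() {
  file="$1"; name="$2"
  [ -n "$KEYSTORE_PASS" ] || { echo "KEYSTORE_PASS not set" >&2; return 2; }
  fmt=$(cert_format "$file")
  [ "$fmt" != unknown ] || { echo "$file is neither PEM nor DER" >&2; return 3; }
  keytool -importcert -trustcacerts -noprompt -alias "$name" -file "$file" \
    -keystore "$KEYSTORE" -storepass "$KEYSTORE_PASS" || return 4
  if [ "$(cert_fingerprint "$file")" != "$(keystore_fingerprint "$name")" ]; then
    echo "fingerprint mismatch for alias $name" >&2; return 5
  fi
  echo "imported $file ($fmt) as $name; restart FortiNAC so the cached keystore is reloaded"
}
```

Run it from the FortiNAC shell as root, for example `KEYSTORE_PASS=... ./import.sh` after defining `import_ldap_cert MainCertificate.der MyLDAP` at the end, or source the file and call the function directly.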
