7.2.0

FortiNAC SSL Certificates

For the agent to communicate successfully, SSL certificates must be installed in FortiNAC. Hosts running the agent must have the appropriate Certificate Authority (CA) root/intermediate certificates installed to validate trust. Different types of certificate can be used to secure this communication.

Corporate Owned Internal CA: Using either a SAN (Subject Alternative Name) or Wildcard certificate is recommended in a High Availability or multi-pod environment. This allows the administrator to use the same certificate on all FortiNAC appliances.

When this is needed:

  • To prevent non-corporate devices with the agent installed from communicating with FortiNAC.

Requirements:

  • FortiNAC must have all the internal CA’s intermediate and root certificates installed. See Cookbook recipe FortiNAC SSL Certificates for installation instructions.

  • Each host must have all the internal CA’s root certificates installed for the Local Machine (not the Current User). This can be done via Group Policy, a Software Management Distribution program, or manually. See KB article Verify Trusted Certificate Authorities on Windows or MacOSX.
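
The Local Machine requirement above can be checked on a Windows host with the following PowerShell function. It is an added example, not part of the FortiNAC documentation; the function name and the certificate file path are placeholders.

```powershell
# Added example: report whether a CA certificate is trusted machine-wide on this host.
# The function name and the sample path in the usage comment are hypothetical.
function Test-CaInLocalMachineStore {
    param(
        [Parameter(Mandatory)]
        [string]$CaCertPath   # exported CA certificate (.cer/.crt, DER or Base64)
    )

    $file = (Resolve-Path -LiteralPath $CaCertPath).ProviderPath
    $ca   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # A self-signed certificate is a root and belongs in 'Root';
    # anything else is an intermediate and belongs in 'CA'.
    $storeName = if ($ca.Subject -eq $ca.Issuer) { 'Root' } else { 'CA' }

    $inMachine = [bool](Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint })
    $inUser = [bool](Get-ChildItem -Path "Cert:\CurrentUser\$storeName" |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint })

    # The CurrentUser view may also list machine-wide certificates, so only the
    # LocalMachine lookup decides whether the requirement is met.
    $status = if ($inMachine)  { 'MachineWide' }
              elseif ($inUser) { 'CurrentUserOnly' }
              else             { 'Missing' }

    [pscustomobject]@{
        Subject    = $ca.Subject
        Thumbprint = $ca.Thumbprint
        Store      = $storeName
        Status     = $status
        Expired    = ($ca.NotAfter -lt (Get-Date))
    }
}

# Usage (placeholder path):
# Test-CaInLocalMachineStore -CaCertPath 'C:\certs\internal-root-ca.cer'
```

A status of `CurrentUserOnly` means the certificate was imported for a single user and does not satisfy the Local Machine requirement; `Missing` means it has not been distributed to the host at all.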

Public Third Party SSL certificates: Root/intermediate certificates are typically updated automatically via OS updates. Using either a SAN (Subject Alternative Name) or Wildcard certificate is recommended in a High Availability or multi-pod environment. This allows the administrator to use the same certificate on all FortiNAC appliances. Public certificates are commonly used in educational facilities.

When this is needed:

  • Environments where Internal CA Certificates are not available.

Requirements:

  • FortiNAC must have all the public CA’s intermediate and root certificates installed. See Cookbook recipe FortiNAC SSL Certificates for installation instructions.
