Staff & Editor

Technical Tip: How to configure FortiClient to use FortiToken 300 for certificate authentication

Forum|Forum|6 years ago
October 23, 2019
0 replies
4214 views

Description

This article explains how to configure FortiClient to use FortiToken 300 for certificate authentication.

Scope

FortiClient.

Solution

Certificates installed on FortiToken-300 are the same as with local certificate for VPN in FortiClient.

The certificate itself has to have the 'Microsoft Smartcardlogin' extendedKeyUsage property, so that it is possible to import it to the token and MS Windows will consider the certificate as placed on SmartCard storage.

If these certificates are made on FortiAuthenticator, then during creation check the box "Use certificate for Smart Card logon" on the bottom of the "Create New User Certificate" page.

When the certificate has 'Microsoft Smartcardlogin', it will be visible in the Windows Certificate Store.

As initial checking, it will be good the Certificates installed on FTK300 to be checked on Windows Certificate Store.

If the certificate is visible in the Windows Certificate Store, it should be visible in FortiClient.

FortiToken docs:
https://docs.fortinet.com/product/fortitoken/5.0

FortiClient docs:
https://docs.fortinet.com/product/forticlient/6.2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded