Technical Note: Using PKI EJBCA for SCEP with FortiGate
Description
Solution
This article explains the LDAP DN order paramter values to set when using PKI EJBCA for SCEP with FortiGate
Solution
By default, in EJBCA Certificate profiles, the default DN order is LDAP DN order:
CN=zzz, O=yyy, C=xxx
FortiGate only supports X500 ordering:
C=xxx, O=yyy, CN=zzz
To retrieve a certificate using the SCEP from the FortiGate to EJBCA, it is necessary to uncheck "LDAP DN order" in EJBCA "Certificate profiles" as shown in the screenshot below:
CN=zzz, O=yyy, C=xxx
FortiGate only supports X500 ordering:
C=xxx, O=yyy, CN=zzz
To retrieve a certificate using the SCEP from the FortiGate to EJBCA, it is necessary to uncheck "LDAP DN order" in EJBCA "Certificate profiles" as shown in the screenshot below: