Skip to main content
sjerry
Staff
sjerry
Staff
October 7, 2025

Technical Tip: How to set up EAP TLS on workstation and FortiNAC

  • October 7, 2025
  • 1 reply
  • 1803 views
Description This article is to help assist the setup of EAP TLS authentication via FortiNAC.
Scope

FortiNAC, CentOS, nacOS.
Solution

Change network properties to the SSID to the following Microsoft: Smart Card or other certificate.


p1.png

 

Select Advanced settings.

 

p2.png

 

Select Ok and go to settings from the Network Properties window:

Make sure the following selections are chosen:

  • Confirm the trusted root CA is selected.


p3.png

 

In the FortiNAC UI -> Network -> RADIUS -> Local Servers.

  • Make sure OSCP is turned off.


p4.png

p5.png

 

Navigate to System -> Certificate Management -> Trusted Certificates.

Add the trusted root CA:

Picture10.png

 

Run a pcap and filter by Type to see if the supplicant is using EAP TLS.


Picture9.png


After connecting, the changes should be reflected in the GUI.


p8.png

 

Related documents:

Technical Tip: How to enable OCSP support and OCSP responder errors on FortiNAC

Technical Tip: Extracting certificates from SSL/TLS handshake packet capture
TLS (certificate) 

    1 reply

    diojanruiz
    diojanruiz
    New Member
    April 22, 2026

    Could you share with us how you configure the certificate to populate the user in the NAC, given that you're using machine authentication?

    Terms & ConditionsAccessibility statement