jamot
New Member
September 17, 2021
Question

Authenticate COMPUTER certificate

  • September 17, 2021
  • 1 reply
  • 3759 views

Hi All,

I have done the configuration with user certificates according to this article: Cookbook | FortiGate / FortiOS 6.2.9 | Fortinet Documentation Library

and it's working.

Now I want to do it with a computer-only certificate, but it won't work.

I did the configuration the same way as for users; the only difference is that I use the computer certificate and distinguishedName as the common name identifier.

And it won't connect.

Is it possible at all?

    1 reply

    emnoc
    New Member
    September 21, 2021

    I highly doubt you can get that to work, and in a multi-user environment I would use "user" certificates, FWIW.

    Machine certificates are not what you want if you need security from a user perspective.

    Ken Felix

    jamot (Author)
    New Member
    September 21, 2021

    Hi Ken,

    Thank You for your answer.

    I know this should not be the final configuration; that's why I have a running VPN with user certificates.

    I need computer certificates for an emergency VPN connection, for when a user certificate expires.

    Some of my users don't work with the VPN too much, and their certificates expire.

    Since yesterday I have been able to configure it so that the FortiGate finds the computer in AD, and the group assigned to it, based on the generated certificate. Unfortunately, now the FortiGate cannot compare whether the group found in AD is the one I indicated in the configuration. I don't know why this is, because the groups are the same and the computer belongs to this group.

    Tom

    emnoc
    New Member
    September 21, 2021

    Interesting, but I have never heard of it being used for emergencies, though. Have you read this KB? It speaks purely about how you have to give the FortiClient user read access to the computer certificate, which is a challenge.

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD47826

    That might get you farther and might get your VPN up.

    Ken Felix
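Tom's post above reports that the FortiGate finds the computer object and its group in AD but does not treat the found group as equal to the group named in the configuration. Whatever the cause in that particular setup, a practitioner checking such a mismatch by hand has to compare the two DNs the way LDAP does (RFC 4514 string form, RFC 4517 distinguishedNameMatch: attribute types case-insensitive, DirectoryString and domainComponent values case-insensitive, insignificant whitespace ignored, escapes decoded), not byte for byte. The following is an added example written for this page; it is not Fortinet's code and makes no claim about how FortiOS itself compares groups. The group and domain names in it are constructed.

```python
"""
Added example: compare an AD group DN (e.g. from a computer object's memberOf
attribute) against a configured group DN using LDAP DN matching rules rather
than a plain string compare. Not Fortinet code; sample data is constructed.
"""
from __future__ import annotations
from typing import Optional

# Attribute types whose values LDAP/AD compare case-insensitively
# (DirectoryString and domainComponent syntaxes). Extend if your DNs use others.
CASE_IGNORE_TYPES = {"cn", "ou", "o", "dc", "l", "st", "c", "street"}
HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Parse an RFC 4514 string DN into a list of RDNs; each RDN is a list of
    (attribute type, value) pairs. Handles backslash escapes such as '\\,' and
    hex escapes such as '\\2C' (single-byte only, enough for ASCII DNs)."""
    rdns: list[list[tuple[str, str]]] = []
    avas: list[tuple[str, str]] = []
    buf: list[str] = []
    attr_type = ""
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX_DIGITS:
                buf.append(chr(int(pair, 16)))   # \XX hex escape
                i += 3
            else:
                buf.append(dn[i + 1:i + 2])       # \<special char> escape
                i += 2
            continue
        if not in_value and ch == "=":
            attr_type = "".join(buf).strip()
            buf, in_value = [], True
        elif in_value and ch in ",;+":
            avas.append((attr_type, "".join(buf)))
            buf, in_value = [], False
            if ch != "+":                         # ',' or ';' closes the RDN, '+' continues it
                rdns.append(avas)
                avas = []
        else:
            buf.append(ch)
        i += 1
    if in_value:
        avas.append((attr_type, "".join(buf)))
    if avas:
        rdns.append(avas)
    return rdns


def normalize_dn(dn: str) -> tuple:
    """Canonical form for comparison: lowercase types, trimmed and whitespace-
    collapsed values, case-folded values for case-ignore types, and a fixed
    order for the attributes of a multi-valued RDN."""
    out = []
    for rdn in parse_dn(dn):
        pairs = []
        for attr_type, value in rdn:
            attr_type = attr_type.lower()
            value = " ".join(value.split())
            if attr_type in CASE_IGNORE_TYPES:
                value = value.lower()
            pairs.append((attr_type, value))
        out.append(tuple(sorted(pairs)))
    return tuple(out)


def dn_equal(a: str, b: str) -> bool:
    """True if the two DNs name the same entry under LDAP matching rules."""
    return normalize_dn(a) == normalize_dn(b)


def dn_diff(a: str, b: str) -> list[str]:
    """Positions (RDN index, leaf first) where two DNs still differ after normalisation."""
    na, nb = normalize_dn(a), normalize_dn(b)
    diffs = []
    for idx in range(max(len(na), len(nb))):
        ra = na[idx] if idx < len(na) else None
        rb = nb[idx] if idx < len(nb) else None
        if ra != rb:
            diffs.append(f"RDN {idx}: {ra!r} vs {rb!r}")
    return diffs


def find_matching_group(member_of: list[str], configured_group: str) -> Optional[str]:
    """Return the memberOf value equivalent to the configured group DN, if any."""
    for group in member_of:
        if dn_equal(group, configured_group):
            return group
    return None


# Constructed sample: what a directory lookup of the computer object might return,
# and a group DN as someone might type it into a configuration. Names are made up.
SAMPLE_MEMBER_OF = [
    "CN=Domain Computers,CN=Users,DC=example,DC=com",
    "CN=VPN-Computers,OU=Groups,DC=example,DC=com",
]
CONFIGURED_GROUP = "cn=vpn-computers, OU=groups, DC=EXAMPLE, DC=com"

if __name__ == "__main__":
    print("plain string match:", CONFIGURED_GROUP in SAMPLE_MEMBER_OF)        # False
    print("LDAP-style match:  ", find_matching_group(SAMPLE_MEMBER_OF, CONFIGURED_GROUP))
    other = "CN=VPN-Computers,OU=Groups,DC=corp,DC=example,DC=com"
    print("\n".join(dn_diff(SAMPLE_MEMBER_OF[1], other)))
```

Paste the memberOf value exactly as the directory returns it and the group DN exactly as entered in the configuration; if `dn_equal` says they are equivalent but the device still rejects the match, the difference is not in the DN text, and the next things to check are which attribute is actually being compared and which object (computer versus user) the lookup returned.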