Dialup IPsec VPN with PSK, wish to change to CBA Authentication - Which type of Certificate?

Forum|Forum|7 months ago
November 8, 2025
1 reply
220 views

I’m currently using a dialup IPsec VPN with Entra ID MFA. The FortiGate is connected to Entra ID using SAML.

My questions are:

Is this basic SSL certificate the proper type?

https://www.ssl.com/certificates/basicssl/

Do I need to purchase a certificate for each user?

Any comments would be greatly appreciated.

Thank you

authentication

funkylicious

SuperUser

hi,

you can use a single certificate for all users, it can be an external one ( havent tried it tho, but should work ) or could a internal CA signed one.

there is also the posibility of each user/computer having their own certificate, but this is most commonly used in enterprises where its issued/signed by the internal CA and make use of GPO for this.

"jack of all trades, master of none"

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded