FortiClient/FortiClientEMS IPSec User Certificate Issues

My customers have the Issue that he want to use VPN Before Logon, with Windows Credentials but he always have to choose the right Certificate because FortiClient somehnow cannot save it and dont ask again for the Certifikate.

Is it possible for FortiClient managed by an EMS to somehow configure it to ask only once for certificate and then save it?

is it possible to Login to SSL VPN with Windows Credentials and without having entering a password each time?

Thanks

We're using user based certificate authentication for our Forticlient connections, our Windows CA is dishing out certificates from a slightly modified template. I copied the "Client Server Authentication" policy and edited the expiry, private key export etc. to match what we needed, but this one shows up and works fine for authentication. I'd hazard a guess that the certificate you are dishing out doesn't have "Client Authentication" set.

Or - if you look in the XML of the config file there is:

<usewincert>1</usewincert>

<use_win_current_user_cert>1</use_win_current_user_cert>

<use_win_local_computer_cert>1</use_win_local_computer_cert>

if you have <use_win_current_user_cert>1</use_win_current_user_cert> set to 0 not 1 then it will not show any certificates from the user's local store. we have set ours:

<usewincert>1</usewincert>

<use_win_current_user_cert>1</use_win_current_user_cert>

<use_win_local_computer_cert>0</use_win_local_computer_cert>

so it only displays user certificates.

hope some of that helps.

Dont forget to setup the CRL too and modify the refresh timer!