Ivanildo_Galvao
New Member
March 31, 2020
Question

Forticlient VPN, IPSEC with certificate


I configured an IPSEC VPN tunnel on the FortiGate 200E so that users can access the network remotely using FortiClient. Authentication will be by certificate and not by pre-shared key. I downloaded the Fortinet_SSL certificate from the FortiGate itself, converted it to PFX together with the private key using OpenSSL, then installed it on a computer and tried to connect to the VPN. It doesn't connect, and a message appears asking "to check the network connection and pre-key shared". In the FortiGate logs, I see an authentication error in Phase1. Is the procedure I adopted right, or was something missing?

    1 reply

    boneyard
    Valued Contributor
    April 24, 2020

    I would set up a CA and have that create a client certificate. Reusing the built-in FortiGate certificate probably won't work (it is not a client cert and perhaps not a CA) and is not a good idea in general.
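
The approach suggested in the reply, sketched with OpenSSL as an added example that is not part of the original thread: a private CA issues a per-user certificate marked for client authentication, the result is checked, and it is bundled as a PFX. The CN values, file names, validity periods and the PFX password `changeit` are constructed placeholders, and the choice of extensions is an assumption, not a documented FortiGate requirement.

```shell
#!/bin/sh
# Added example (not from the thread): private CA -> client cert -> PFX.
# CNs, file names and the PFX password are constructed placeholders.
set -eu

make_vpn_pki() {
    dir=$1; mkdir -p "$dir"
    cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    # 1. Self-signed CA; only its certificate (never ca.key) leaves this host.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/pki.cnf" \
        -extensions ca_ext -subj "/CN=Example VPN CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Per-user key and CSR.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/pki.cnf" \
        -subj "/CN=vpn-user1" -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    # 3. CA signs the CSR with client-only extensions.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 90 -sha256 -extfile "$dir/pki.cnf" \
        -extensions client_ext -out "$dir/client.crt" 2>/dev/null
    # 4. PFX for the client machine: user key + user cert + CA cert.
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -passout pass:changeit -out "$dir/client.pfx"
}

# Succeeds only if cert $1 chains to CA $2 AND is usable for client authentication.
check_client_cert() {
    openssl verify -purpose sslclient -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -text | grep -q "TLS Web Client Authentication"
}

out=${1:-$(mktemp -d)}
make_vpn_pki "$out"
check_client_cert "$out/client.crt" "$out/ca.crt" && echo "client.pfx written to $out"
```

Running `check_client_cert` against any certificate before exporting it to PFX shows whether it chains to the intended CA and carries the client-authentication usage.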