guchinife
New Member
March 15, 2024
Question

Tunnel IPSEC with certificate

Hello
I have to configure an IPsec VPN with a client in certificate authentication mode.
We have a FortiGate FW and on the client side we do not know the FW model.
I have some doubts about the certificates to use; see if you can help me on this.
We don't currently have a PKI in the company.
1. Is it advisable to use the external CA of the domain for this, or is it better to use the FortiGate?
2. The client asks me for a CSR certificate. Can I generate this certificate with the FortiGate, and is the resulting certificate the one I have to add in the "Certificate Name" configuration?
3. Should the customer also send me a CSR for us to sign? If so, can we sign it with the FortiGate?

4. In Peer Certificate CA, which certificate do I have to put? Does the client have to send this certificate to me as well?

5. Which certificates do we have to send to the client?

Thanks

dbhavsar
Staff
March 15, 2024

Hi @guchinife ,


This will cover mostly all answers of your question:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/344213/site-to-site-vpn-with-digital-certificate

guchinife (Author)
New Member
March 15, 2024

Hello.
This document does not clear up any doubts as to which certificates to use.
Could you clarify more about this?

hbac
Staff
March 16, 2024

Hi @guchinife,


You can use an external or built-in certificate, it doesn't matter. Peer certificate CA is the CA certificate which was used to sign the client's FortiGate certificate. You need to import it to your FortiGate.

Regards,
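To make the exchange in the thread concrete, here is an added example (not from the thread or from Fortinet) that walks the whole certificate flow with OpenSSL: one CA signs a CSR from each peer, and the final step is the check a FortiGate effectively performs with the imported "Peer Certificate CA". It assumes an OpenSSL-based CA standing in for either the domain CA or the FortiGate's built-in one; the names (hq, client, the CNs, the temp directory) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo of the certificate exchange for a cert-authenticated IPsec tunnel.
# Assumption: a generic OpenSSL CA plays the role of the signing CA; everything is
# written to a throwaway directory so the script can be run repeatedly.
set -e
WORK=$(mktemp -d)

# Step 1: one CA certificate. Whoever runs it (domain CA or FortiGate) is the only
# holder of ca.key; ca.crt is what gets shared with the other side.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example VPN CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 2: each peer generates its own key pair and a CSR locally (on a FortiGate this
# is System > Certificates > Generate). Only the CSR travels to the CA; the key stays put.
make_csr() {
  name=$1; cn=$2
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
}

# Step 3: the CA signs the CSR and returns a certificate, which the peer installs
# next to its key. That installed certificate is what "Certificate Name" points at.
sign_csr() {
  name=$1
  openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/$name.crt" 2>/dev/null
}

# Step 4: the "Peer Certificate CA" check. The remote peer's certificate must chain to
# the CA certificate imported under that setting, otherwise IKE authentication fails.
# Returns 0 when $2 chains to the CA in $1, non-zero otherwise.
verify_peer() {
  openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1
}

# Demo run: our side hosts the CA, both peers submit CSRs, then we check the client's
# certificate exactly as the FortiGate would after importing ca.crt as Peer Certificate CA.
make_ca
make_csr hq hq.example.com
make_csr client branch.example.com
sign_csr hq
sign_csr client
verify_peer ca.crt client.crt && echo "client.crt chains to ca.crt: import ca.crt as Peer Certificate CA"
```

What each side ends up holding: its own key plus signed certificate, and the CA certificate that signed the other side's certificate; a certificate signed by some other CA fails the step-4 check.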