WiFi Certificate Authentication

Question

Hi,

New to using FortiSwitch and FortiAP so bear with me.

I'm trying to configure a SSID to authenticate users based on a provided certificate they have. We already have this all set up and working using our Cisco AP's, but for this site we are trialing a full FortiNet setup. We also dont have FortiAuthenticator.

The SSID is configured to use WPA2 Enterprise and points to our RADIUS server.

It looks like the configuration for the certificate authentication is done on the FortiAP Profile. I have enabled 802.1x and selected EAP-TLS as the type. But its asking me for a username and password and wont let me proceed without it? What is this for as I want the clients to authenticate solely with the installed certificate on the machines?

Also, if I have .1x enabled on the profile, can I still use another separate SSID with a PSK for authentication as well?

Thanks.

sjoshi · Answer

To configure certificate-based authentication for an SSID on FortiAP without FortiAuthenticator, follow these steps:

1. Enable 802.1X authentication and select EAP-TLS in the FortiAP profile. When prompted for a username and password, you can input any values as they are not used for certificate-based authentication. This step is a requirement in the configuration but will not affect the certificate-based authentication process.

2. Ensure that the clients have the necessary certificates installed on their machines for authentication.

3. Yes, you can still use another separate SSID with a pre-shared key (PSK) for authentication even if you have 802.1X enabled on the profile. The two SSIDs can coexist and operate independently with their respective authentication methods.

By following these steps, you can successfully configure certificate-based authentication for the SSID on FortiAP without the need for FortiAuthenticator.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded