FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
rbraha
Staff
Article Id 223993

Description

This article describes how to configure LDAPS (LDAP over SSL/TLS) with FortiAuthenticator.

Scope

FortiAuthenticator.

Solution

In this example, Microsoft Windows Active Directory is used as the Certificate Authority.

These tests were performed on Windows Server 2019.

Open Run, type mmc.exe and press Enter.

Go to File -> Add/Remove Snap-in, choose 'Certificates' and select 'Add'.

Select the option 'Computer Account'.

Select the option 'Local Computer' and choose 'Finish'.

Expand 'Certificates', go to Personal -> Certificates and select the CA certificate. Right-click it, select 'All Tasks' and choose 'Export'.

Select 'No, do not export the private key' and the DER file format. FortiAuthenticator only needs the CA's public certificate to validate the LDAP server's certificate; the private key stays on the CA.

Specify the file name, select 'Next' and choose 'Finish'.

Import this CA certificate into FortiAuthenticator as a Trusted CA.

Go to Certificate Management -> Certificate Authorities -> Trusted CA and select 'Import'. Specify a Certificate ID, select 'Upload a file' and choose the certificate exported in the previous step.

Go to Authentication -> Remote Auth. Servers -> LDAP, enable the 'Secure Connection' option and select the CA certificate imported in the previous step.

Try browsing the directory with LDAPS enabled; it should now work.

Also run a packet capture: it should contain no readable LDAP data, only TLS-encrypted traffic.
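As an added example that is not part of the original article, the following script reproduces with openssl the trust relationship the steps above establish: a constructed CA stands in for the Windows Active Directory CA, its certificate is exported DER encoded without the private key (as in the mmc export), and the LDAP server certificate is validated against it, which is the check FortiAuthenticator performs once 'Secure Connection' is enabled. All certificates are constructed and dc01.example.local is a placeholder server name.

```shell
#!/bin/sh
# Added example, not from the original article. All certificates are constructed: the CA
# stands in for the Windows Active Directory CA and dc01.example.local is a placeholder name.
set -eu
WORK="$(mktemp -d)"
# Self-contained CA config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
# Self-signed CA with CN $2, written to $WORK/$1.key and $WORK/$1.pem.
make_ca() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
# Constructed PKI: the LDAP server certificate is issued by 'ca'; 'other' is an
# unrelated CA that shows what importing the wrong Trusted CA looks like.
make_constructed_pki() {
  make_ca ca "Constructed AD CA"
  make_ca other "Unrelated CA"
  openssl req -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=dc01.example.local" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -days 2 -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/srv.pem" 2>/dev/null
}
# Equivalent of the mmc export: public certificate only, DER encoded, no private key.
export_ca_der() {
  openssl x509 -in "$WORK/$1.pem" -outform DER -out "$WORK/$1.cer"
}
# Check the file before importing it under Trusted CA: it must parse as DER and carry CA:TRUE.
der_is_ca_cert() {
  openssl x509 -inform DER -in "$1" -noout -text | grep -q "CA:TRUE"
}
# The validation FortiAuthenticator performs on the LDAP server certificate once 'Secure
# Connection' is enabled: succeeds only if the server certificate chains to the given DER CA.
server_cert_chains_to_der_ca() {
  openssl x509 -inform DER -in "$1" -out "$WORK/trusted.pem" 2>/dev/null &&
    openssl verify -CAfile "$WORK/trusted.pem" "$WORK/srv.pem" >/dev/null 2>&1
}

make_constructed_pki
export_ca_der ca; export_ca_der other
der_is_ca_cert "$WORK/ca.cer" && echo "ca.cer is a DER encoded CA certificate, ready to import"
server_cert_chains_to_der_ca "$WORK/ca.cer" && echo "server certificate trusted via exported CA"
server_cert_chains_to_der_ca "$WORK/other.cer" || echo "unrelated CA: the LDAPS browse would fail"
```

Against a real domain controller the equivalent live check is `openssl s_client -connect dc01.example.local:636 -CAfile trusted.pem` (636 is the default LDAPS port; the hostname is a placeholder), which must report a verified chain before the FortiAuthenticator browse can succeed.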