Description
This article describes how to configure a FortiAuthenticator remote LDAP server to use LDAPS (LDAP over TLS), so that the bind credentials and directory data exchanged with Active Directory are no longer sent in clear text.
Scope
FortiAuthenticator.
Solution
In this example a Microsoft Active Directory Certificate Services CA running on the domain controller has been used as the certificate authority. The steps were tested on Windows Server 2019.
Open Run, type mmc.exe and press Enter.
Go to File, select Add/Remove Snap-in, choose Certificates and select 'Add'.
Select the option 'Computer account'.
Select the option 'Local computer' and choose 'Finish'.
Expand Certificates, go to Personal -> Certificates and select the CA certificate (the certificate that issued the domain controller's LDAPS server certificate; it is listed here when the CA role is installed on the domain controller itself, otherwise look in Trusted Root Certification Authorities -> Certificates).
Right-click it, select All Tasks and choose 'Export'.
Select 'No, do not export the private key' and the 'DER encoded binary X.509 (.CER)' file format. Only the public CA certificate is needed on FortiAuthenticator; the CA's private key must never leave the CA.
Specify a file name, select 'Next' and choose 'Finish'.
Import this CA certificate on FortiAuthenticator as a Trusted CA.
Go to Certificate Management -> Certificate Authorities -> Trusted CAs and select Import.
Specify a Certificate ID, select 'Upload a file' and choose the certificate exported above.
Go to Authentication -> Remote Auth. Servers -> LDAP, open the LDAP server entry, enable the option 'Secure Connection', select the LDAPS protocol (the port changes from 389 to 636) and choose the Trusted CA imported above as the CA certificate. FortiAuthenticator validates the certificate presented by the domain controller against this CA, so the connection fails if the domain controller's certificate does not chain to it.
Try to browse the directory from the LDAP server configuration with LDAPS enabled; it should now work.
Also run a packet capture on FortiAuthenticator or on the domain controller while browsing: on TCP port 636 only the TLS handshake and encrypted application data should be visible, with no readable LDAP bind credentials or directory entries, whereas the same traffic on port 389 before the change was readable in clear text.
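The following PowerShell script is an added example and is not part of the Fortinet article. It exports the CA certificate without the MMC snap-in (Export-Certificate with -Type CERT produces the same DER file as the wizard steps above) and then opens a TLS session to the domain controller on port 636 to check that the certificate it presents chains to exactly that CA, which is the validation FortiAuthenticator performs once 'Secure Connection' is enabled. The host name dc01.example.local and the CA common name EXAMPLE-ROOT-CA are hypothetical placeholders; run it on the CA or any domain-joined Windows host with access to port 636.

```powershell
# Added example, not from the Fortinet article: export the AD CS CA certificate
# and verify the domain controller's LDAPS listener chains to it.
# Hypothetical names: adjust $DcHost and $CaName to your environment.

$DcHost  = 'dc01.example.local'      # domain controller (hypothetical)
$CaName  = 'EXAMPLE-ROOT-CA'         # CA common name (hypothetical)
$OutFile = Join-Path $env:TEMP 'example-root-ca.cer'

# 1. Find the CA certificate. On a server that is both DC and CA it sits in
#    LocalMachine\My beside the DC's own LDAPS certificate, so select it by the
#    Basic Constraints CA flag and the subject, not by its position in the list.
$ca = Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\Root |
    Where-Object {
        $_.Subject -like "*CN=$CaName*" -and
        ($_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] -and
            $_.CertificateAuthority })
    } | Select-Object -First 1
if (-not $ca) { throw "CA certificate '$CaName' not found in LocalMachine\My or LocalMachine\Root" }

# 2. Export the public certificate only, DER encoded (-Type CERT); this matches
#    'No, do not export the private key' + 'DER encoded binary X.509' in MMC.
Export-Certificate -Cert $ca -FilePath $OutFile -Type CERT | Out-Null
"Exported $($ca.Subject) thumbprint $($ca.Thumbprint) to $OutFile"

# 3. Open a TLS session to the DC on 636 and capture the certificate it presents.
#    The callback accepts everything so the handshake completes and only records
#    the policy errors; the real validation is done explicitly in step 4.
$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
$tcp = [System.Net.Sockets.TcpClient]::new($DcHost, 636)
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
    { param($sender, $cert, $chain, $errors) $script:policyErrors = $errors; $true })
try {
    $ssl.AuthenticateAsClient($DcHost)
    $serverCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 4. Build the chain with the exported file supplied as an extra store (so the
#    check also works from a host that does not already trust the CA) and require
#    that the chain root is exactly the certificate imported into FortiAuthenticator.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.ExtraStore.Add(
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($OutFile)) | Out-Null
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
$built = $chain.Build($serverCert)
$root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

"Server certificate : $($serverCert.Subject) (expires $($serverCert.NotAfter))"
"Chain root         : $($root.Subject) thumbprint $($root.Thumbprint)"
if ($built -and $root.Thumbprint -eq $ca.Thumbprint) {
    "OK: $DcHost chains to the exported CA; the Trusted CA on FortiAuthenticator will validate it."
} else {
    Write-Warning "Chain does not end at the exported CA ($($chain.ChainStatus.StatusInformation -join '; ')); FortiAuthenticator will reject the LDAPS connection."
}
if ($script:policyErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) {
    Write-Warning "Certificate name does not match '$DcHost'; use a server name that appears in the certificate's Subject Alternative Name."
}
```

The chain check deliberately compares the root thumbprint rather than relying on Build() alone: with AllowUnknownCertificateAuthority set, Build() succeeds for any self-signed root, so the thumbprint comparison is what proves the domain controller is using the CA you exported and not, for example, a self-signed certificate that Windows auto-enrolled earlier. Expired or partial chains still make Build() return false, which is reported in the warning.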
Copyright 2023 Fortinet, Inc. All Rights Reserved.