Description This article describes how to use own certificates for the FortiAuthenticator API and administrative access. It also shows how to set up Microsoft Windows Agent and Outlook Web Access Agent to verify the server (FortiAuthenticator) certificate.
Scope Microsoft Windows Agent Outlook Web Access Agent
Solution On the FortiAuthenticator, import own certificates via GUI:
Go to: Certificate Management -> End Entities -> Local Services Import server certificate issued for FortiAuthenticator
Go to: Certificate Management -> Certificate Authorities -> Trusted CAs
Import CA certificate which issued the above-mentioned server certificate
Then, set up newly imported certificates for the API and administrative access: Go to: System -> Administration -> System Access - HTTPS Certificate (select imported server certificate) - CA certificate that issued the server certificate (select imported CA certificate which issued server certificate)
Setting up verification of server certificate on FAC agents:
On Microsoft Windows Agent:
Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC 1) Go to: Agent configuration -> General
2) Click on 'Configure'
3) A new window will open. Go to: General 4) Check the option 'Verify Server Certificate'
Fill out the 'Server Subject Name' (needs to match with the server certificate issued for FortiAuthenticator)
On Outlook Web Access Agent:
Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC 1) Go to: Agent configuration > General 2) Check the option 'Verify Server Certificate' Fill out the 'Server Subject Name' (needs to match with the server certificate issued for FortiAuthenticator) Select the path where the CA certificate was downloaded for the 'CA Certificate file'
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.