aneshcheret
Staff
Description
This article describes how to use your own certificates for FortiAuthenticator API and administrative access.
It also shows how to set up the Microsoft Windows Agent and the Outlook Web Access Agent to verify the server (FortiAuthenticator) certificate.


Scope
Microsoft Windows Agent
Outlook Web Access Agent


Solution
On the FortiAuthenticator, import your own certificates via the GUI:

Go to: Certificate Management -> End Entities -> Local Services
Import the server certificate issued for FortiAuthenticator


Go to: Certificate Management -> Certificate Authorities -> Trusted CAs
Import the CA certificate that issued the above-mentioned server certificate



Then, select the newly imported certificates for the API and administrative access:
Go to: System -> Administration -> System Access
- HTTPS Certificate (select the imported server certificate)
- CA certificate that issued the server certificate (select the imported CA certificate that issued the server certificate)





Setting up verification of the server certificate on the FortiAuthenticator (FAC) agents:

On Microsoft Windows Agent:

Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC
1) Go to: Agent configuration -> General
2) Click on 'Configure'
3) A new window will open. Go to: General
4) Check the option 'Verify Server Certificate'
    Fill out the 'Server Subject Name' (must match the server certificate issued for FortiAuthenticator)



On Outlook Web Access Agent:

Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC
1) Go to: Agent configuration -> General
2) Check the option 'Verify Server Certificate'
    Fill out the 'Server Subject Name' (must match the server certificate issued for FortiAuthenticator)
    For the 'CA Certificate file', select the path where the CA certificate was downloaded
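
The two values the agents ask for ('Server Subject Name' and the CA certificate file) can be checked with OpenSSL before 'Verify Server Certificate' is enabled. The script below is an added example, not part of the original article or Fortinet tooling. It assumes OpenSSL 1.1.0 or later and that the agent compares 'Server Subject Name' with the certificate's subject CN; the certificates, file names and the host name fac.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Fortinet code. All certificates and names are constructed.

# fac_cert_check CA_FILE SERVER_CERT SUBJECT_NAME
#   0 = SERVER_CERT chains to CA_FILE and its subject CN equals SUBJECT_NAME
#   1 = SERVER_CERT was not issued by the CA in CA_FILE
#   2 = subject CN differs from SUBJECT_NAME (assumed to be what the agent compares)
fac_cert_check() {
    # -no-CApath: trust only CA_FILE, not the system CA directory.
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p' | tail -n 1)
    [ "$cn" = "$3" ] || return 2
    return 0
}

# make_ca DIR NAME: constructed self-signed CA -> DIR/NAME.pem and DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed $2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server DIR CA_NAME CN: constructed DIR/server.pem issued by DIR/CA_NAME.pem
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 -CAcreateserial \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/server.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_ca "$demo" lab-ca && make_ca "$demo" other-ca
make_server "$demo" lab-ca fac.example.test

# Try the right and wrong value for each of the two agent settings.
for ca in lab-ca other-ca; do
    for name in fac.example.test wrong.example.test; do
        fac_cert_check "$demo/$ca.pem" "$demo/server.pem" "$name" && rc=0 || rc=$?
        echo "CA Certificate file=$ca.pem Server Subject Name=$name -> $rc"
    done
done
```

To check real files, call fac_cert_check with the CA file downloaded to the PC, the FortiAuthenticator server certificate in PEM format, and the name intended for 'Server Subject Name'.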


