FortiClient
jkoay
Staff
Article Id 316210
Description

This article describes how to configure a certificate filter so that only client certificates with a matching subject and issuer are shown.

Scope

FortiClient v7.0.

Solution

An endpoint may have many client certificates in its personal certificate store, which makes it tedious for the end user to work out which client certificate to select when establishing a VPN tunnel.

An XML certificate tag can filter the list by common name and issuer, for instance to show only certificates issued by MANGOCA.

Client Certificate 1.png

To show only client certificates issued by MANGOCA, include the following XML:

<sslvpn>
  <connections>
    <connection>
      <name>Lab SSL VPN</name>
      <certificate>
        <common_name>
          <match_type>wildcard</match_type>
          <pattern>*</pattern>
        </common_name>
        <issuer>
          <match_type>simple</match_type>
          <pattern>MANGOCA</pattern>
        </issuer>
      </certificate>
    </connection>
  </connections>
</sslvpn>

Results:

Filtered client certificate.png

This feature is no longer available in the latest version of FortiClient EMS v7.2.
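
The certificate filter above, modeled in Python so a pattern can be tried against a certificate inventory before the XML is deployed. This is an added example, not Fortinet code: it assumes `simple` means an exact string match, `wildcard` means a glob, and that both rules must match; the function names and the certificate list are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# The <certificate> filter from the article, embedded so the example runs offline.
FILTER_XML = """
<certificate>
  <common_name><match_type>wildcard</match_type><pattern>*</pattern></common_name>
  <issuer><match_type>simple</match_type><pattern>MANGOCA</pattern></issuer>
</certificate>
"""

def load_filter(xml_text):
    """Return {field: (match_type, pattern)} for common_name and issuer."""
    root = ET.fromstring(xml_text)
    rules = {}
    for field in ("common_name", "issuer"):
        node = root.find(field)
        if node is not None:
            rules[field] = (node.findtext("match_type", "").strip(),
                            node.findtext("pattern", "").strip())
    return rules

def field_matches(match_type, pattern, value):
    # Assumed semantics (not taken from the article): simple = exact, wildcard = glob.
    if match_type == "simple":
        return value == pattern
    if match_type == "wildcard":
        return fnmatch.fnmatchcase(value, pattern)
    raise ValueError(f"unsupported match_type in this model: {match_type!r}")

def visible_certificates(rules, certs):
    """Keep certificates whose fields satisfy every rule (assumed logical AND)."""
    return [c for c in certs
            if all(field_matches(mt, pat, c[f]) for f, (mt, pat) in rules.items())]

# Constructed sample of a personal certificate store (subject CN, issuer CN).
STORE = [
    {"common_name": "alice", "issuer": "MANGOCA"},
    {"common_name": "alice-mail", "issuer": "Example Mail CA"},
    {"common_name": "LAPTOP-01", "issuer": "MANGOCA-TEST"},
    {"common_name": "alice", "issuer": "alice"},  # self-signed
]

if __name__ == "__main__":
    for cert in visible_certificates(load_filter(FILTER_XML), STORE):
        print(cert["common_name"], "issued by", cert["issuer"])
```

Under the exact-match assumption, a look-alike issuer such as `MANGOCA-TEST` is excluded; if the issuer rule were a loose wildcard instead, such certificates would be offered to the user.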