Technical Tip: How to configure FortiClient to use FortiToken 300 for certificate authentication

ctanev1 · ‎10-23-2019

Description

This article explains how to configure FortiClient to use FortiToken 300 for certificate authentication.

Scope

FortiClient.

Solution

Certificates installed on FortiToken-300 are the same as with local certificate for VPN in FortiClient.

The certificate itself has to have the 'Microsoft Smartcardlogin' extendedKeyUsage property, so that it is possible to import it to the token and MS Windows will consider the certificate as placed on SmartCard storage.

If these certificates are made on FortiAuthenticator, then during creation check the box "Use certificate for Smart Card logon" on the bottom of the "Create New User Certificate" page.

When the certificate has 'Microsoft Smartcardlogin', it will be visible in the Windows Certificate Store.

As initial checking, it will be good the Certificates installed on FTK300 to be checked on Windows Certificate Store.

If the certificate is visible in the Windows Certificate Store, it should be visible in FortiClient.

FortiToken docs:
https://docs.fortinet.com/product/fortitoken/5.0

FortiClient docs:
https://docs.fortinet.com/product/forticlient/6.2

Related article:
Technical Tip: Understanding FortiToken-300/310 and their deployment

Technical Tip: How to configure FortiClient to use FortiToken 300 for certificate authentication

You are leaving our website