Description
This article explains how to ensure that FortiClients can use certificates from Local machine certificate store for authentication with SSLVPN.
Solution
FortiClient can use certificates as the only, or as an additional method of authentication when connecting to an SSLVPN gateway.
In some instances, it can be desirable to use machine certificates in that connection, not user certificates.
FortiClient allows certificates from Local machine certificate store to be used.
However, some configuration and permissions need to be set:
1) The user account FortiClient is running under needs permission to access the Local machine certificate store.
2) The certificate is visible for selection in the VPN connection settings if proper permissions are set.
3) The VPN connection needs to have usage of Local machine certificate store explicitly enabled.
This can be done by modifying the FortiClient configuration as follows:
- Export the FortiClient backup from the 'Settings' menu.
- Open the resulting file in a text editor.
The FortiClient configuration is laid out as an XML file.
- In the VPN section, set the following:
    <vpn>
        <sslvpn>
            <connections>
                <connection>
                    <name>VPN_connection</name>
                    <certificate>
                        [...]
                    </certificate>
                    <allow_standard_user_use_system_cert>1</allow_standard_user_use_system_cert>
                    [...]
                </connection>
            </connections>
        </sslvpn>
    </vpn>
- Save the change, then import the modified configuration into FortiClient.
This might require unlocking FortiClient for changes.
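As an added example (not part of this Fortinet article and not FortiClient's own tooling), the following PowerShell script performs the XML edit described above on an exported backup and then checks that a usable certificate is present in the Local machine store. The backup path, the certificate subject and the assumption that the backup was exported without a password are mine; the connection name VPN_connection and the allow_standard_user_use_system_cert element are taken from the article.

```powershell
# Added example: enable Local machine certificate use for one SSL VPN connection
# in an exported FortiClient backup, and verify a matching machine certificate exists.
# Assumptions (not from the article): the backup was exported without a password to
# $BackupPath, and $CertSubject is the subject of the machine certificate to use.
param(
    [string]$BackupPath     = 'C:\Temp\forticlient_backup.conf',  # assumed path
    [string]$ConnectionName = 'VPN_connection',                   # name used in the article
    [string]$CertSubject    = 'CN=client.example.com'             # assumed subject
)

function Enable-MachineCertForConnection {
    param([string]$Path, [string]$Name)

    # The exported backup is an XML document; load it as such.
    [xml]$doc = Get-Content -Path $Path -Raw

    # Find the SSL VPN connection by its <name> element, wherever <vpn> sits in the tree.
    $conn = $doc.SelectSingleNode("//vpn/sslvpn/connections/connection[name='$Name']")
    if (-not $conn) {
        throw "Connection '$Name' not found in $Path"
    }

    # Create <allow_standard_user_use_system_cert> if it is missing, then set it to 1.
    $flag = $conn.SelectSingleNode('allow_standard_user_use_system_cert')
    if (-not $flag) {
        $flag = $doc.CreateElement('allow_standard_user_use_system_cert')
        [void]$conn.AppendChild($flag)
    }
    $flag.InnerText = '1'

    # Write a new file so the original export stays available for rollback.
    $outPath = [System.IO.Path]::ChangeExtension($Path, '.machinecert.conf')
    $doc.Save($outPath)
    return $outPath
}

function Test-MachineCertAvailable {
    param([string]$Subject)

    # The certificate must live in the Local machine store, still be valid,
    # and have an associated private key; otherwise FortiClient cannot use it.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.Subject -eq $Subject -and
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date)
        } |
        Select-Object -First 1

    if (-not $cert) {
        Write-Warning "No valid machine certificate with subject '$Subject' and a private key was found."
        return $false
    }
    Write-Output "Found machine certificate: $($cert.Subject) (thumbprint $($cert.Thumbprint))"
    return $true
}

$modified = Enable-MachineCertForConnection -Path $BackupPath -Name $ConnectionName
Write-Output "Modified configuration written to $modified; import it into FortiClient as described above."
[void](Test-MachineCertAvailable -Subject $CertSubject)
```

HasPrivateKey only reports that a key is associated with the certificate; it does not prove that the account FortiClient runs under has been granted access to that key, which is the permission step in point 1 above and still has to be verified separately.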
Related links:
How to view certificates on a Windows Computer:
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-view-certificates-with-...
Ensuring FortiClient has proper access:
https://help.fortinet.com/fclient/olh/5-4-3/Content/FortiClient-5.4-Admin/1100_Remote%20Access/811_A...