Description
Solution
This article outlines the steps to authenticate to FortiAP with certificate.
Solution
The following steps can be used for a Windows RADIUS server (NPS) on Server 2008 OS.
1) Using the Windows CA, issue user certificates for users.
2) Install NPS roll on Windows server and add FortiGate unit as RADIUS client.
3) Configure network policy on NPS with EAP type as PEAP and select only "Smart Card or other certificate" for the EAP types as shown below.
4) Configure RADIUS client on FortiGate unit with Windows server as the RADIUS server.
5) Configure SSID on FortiGate unit with Security Mode as "WPA2 Enterprise" and select RADIUS server.
6) Import CA certificate and User certificate on User device/computer.
7) Configure WIFI connection as shown in the following screenshot.
When connecting to SSID, select the user certificate as imported in step 6.
1) Using the Windows CA, issue user certificates for users.
2) Install NPS roll on Windows server and add FortiGate unit as RADIUS client.
3) Configure network policy on NPS with EAP type as PEAP and select only "Smart Card or other certificate" for the EAP types as shown below.
5) Configure SSID on FortiGate unit with Security Mode as "WPA2 Enterprise" and select RADIUS server.
6) Import CA certificate and User certificate on User device/computer.
7) Configure WIFI connection as shown in the following screenshot.
When connecting to SSID, select the user certificate as imported in step 6.
