FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dnayak_FTNT
Staff
Description
This article describes the configuration required for clients to connect to the SSL VPN with both their domain (LDAP) credentials and an SSL user certificate, so that a connection is only accepted when both factors are validated.

It does not cover general SSL VPN configuration or LDAP configuration/integration on the FortiGate; both are assumed to be already in place.

Solution
Import the user certificate in the browser (IE). The certificate must be imported together with its private key (for example as a PKCS#12/PFX file), otherwise the browser cannot use it for client authentication. Once imported, the user certificate is listed under the “Personal” tab, as shown below.
(Screenshot: FD36844-1.jpg)
Also import the CA certificate that issued the user certificate into the browser’s trusted certificate store.
(Screenshot: FD36844-2.jpg)
On the FortiGate, import the SSL VPN server certificate (as a local certificate) and the CA certificate that issued the SSL VPN users’ certificates (as a CA certificate). The FortiGate validates the client certificate against this CA, so it must be the issuing CA of the user certificates, not an arbitrary CA.
(Screenshot: FD36844-3.jpg)
In the SSL VPN settings, enable the “Require Client Certificate” option and select the imported server certificate as the SSL VPN server certificate. Under the authentication/portal mapping (users/groups) section, specify the LDAP users or groups. With both settings in place, the FortiGate requires a valid client certificate during the TLS handshake and then authenticates the user against LDAP.
(Screenshot: FD36844-4.jpg)
In FortiClient, select the user certificate for the SSL VPN connection and enter the LDAP (domain) username and password, as shown below:
(Screenshot: FD36844-5.jpg)
The client can now connect to the SSL VPN only when both checks succeed: the user certificate chains to the CA imported on the FortiGate, and the domain credentials are accepted by the LDAP server. A connection attempt without a certificate (or with a certificate from an untrusted CA) is rejected before the username and password are even evaluated.
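The FortiGate-side steps above, expressed as the equivalent FortiOS CLI. This is an added example, not configuration from the original article. It assumes an LDAP server object named "AD-LDAP" already exists (config user ldap), that the server certificate was imported as "sslvpn-server-cert" and the users’ issuing CA as "CA_Cert_1"; the group, peer and portal names are placeholders to replace with your own. The `config user peer` block and the `user-peer` setting go slightly beyond the article: they pin the certificate check to that one CA, which is stricter than the GUI checkbox alone. Lines starting with `#` are annotations, not commands.

```text
# LDAP group the SSL VPN authenticates against (member is the existing LDAP server object)
config user group
    edit "SSLVPN-LDAP-Group"
        set member "AD-LDAP"
    next
end

# Optional but recommended: a PKI peer that only accepts certificates issued by the
# imported user CA. Without a peer, any certificate that chains to any CA trusted by
# the FortiGate satisfies the "require client certificate" check.
config user peer
    edit "SSLVPN-Cert-Peer"
        set ca "CA_Cert_1"
    next
end

config vpn ssl settings
    # server certificate presented to clients
    set servercert "sslvpn-server-cert"
    # GUI equivalent: "Require Client Certificate"
    set reqclientcert enable
    config authentication-rule
        edit 1
            # LDAP users/groups mapped to the portal
            set groups "SSLVPN-LDAP-Group"
            # ties the certificate check to the peer above (availability depends on firmware)
            set user-peer "SSLVPN-Cert-Peer"
            set portal "full-access"
        next
    end
end
```

Two practitioner caveats. First, `reqclientcert` only proves that the client holds a private key for a certificate chaining to a trusted CA; it does not by itself restrict which CA, which is why the peer binding is worth adding. Second, nothing in this configuration ties the certificate’s subject to the LDAP account that the user types in: the two factors are validated independently, so a user with a valid certificate and someone else’s domain password still passes both checks. Restricting the peer further (for example by subject) and keeping the CA’s issuance tightly controlled limits that exposure.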

Related Articles

Technical Note: SSL VPN - Certificate Based Authentication
