DescriptionThis article addresses the configuration where clients are to connect to SSL VPN using both their domain credentials and SSL user certificate.
It does not cover general SSL VPN configuration and LDAP configuration/integration in the FortiGate as it is assumed they are already in place.
SolutionImport the user certificate in the browser (IE). The user certificate will always be present in “Personnel” tab as shown below.
Also, import user’s CA certificate in the browser.
Import the server certificate and SSL VPN user’s CA certificate in the FortiGate.
Enable the “require client certificate” option and specify the SSL VPN server certificate in SSL VPN settings. Under the users/groups section, specify LDAP users/groups. This will enable both LDAP and certificate authentication.
Use the user certificate and LDAP credentials on the FortiClient as shown below:
The client will now be able to connect to SSL VPN using both their domain credentials and their user certificate. Related Articles
Technical Note: SSL VPN - Certificate Based Authentication