| Description |
This article describes how to configure SSL VPN to work with a computer and user certificate. |
| Scope | FortiGate. |
| Solution |
This guide provides configuration on SSL VPN to match with the user and computer certificate.
Refer to the below cookbook for a detailed setup on SSL VPN with LDAP-integrated certificate authentication.
FortiGate LDAP matches certificate based on SAN and as per writing it only can support the UPN name which works for the user certificate as the LDAP user attribute contain UPN.
LDAP computer attribute does not contain UPN, in order to get matched for both user and machine, it is necessary to use sAMAccountName as the matching attribute. It needs to be configured under 'config user ldap' referred to in the below example:
config user ldap edit "ldap-AD" set server "172.18.60.206" set cnid "cn" set dn "dc=fortinet-fsso,dc=com" set type regular set username "cn=admin,ou=testing,dc=fortinet-fsso,dc=com" set password ldap-server-password set account-key-processing [same | strip] -> required to strip the domain name set account-key-filter "(&(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))" next end
Related article: |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR (on-premise)
- FortiNAC-F
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiRecon
- FortiProxy
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: SSL VPN with LDAP-integrated Machin...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.