FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Description This article describes how to configure LDAPS.
Scope FortiMail.

FortiMail uses the server certificate (CA that is signed to the LDAPs server certificate) to verify the LDAPs server certificate.

The LDAP server CA certificate is used to encrypt the pre-master key. FortiMail and LDAPs compute the master secret to generate the session keys which will be used to encrypt/decrypt data.


1) Upload the CA certificate under System -> Certificate -> CA Certificate.




2) Create the LDAPs profile under the LDAP section and save it.

Make sure whether there is an allowed policy for LDAPS traffic from the FortiMail IP address to the LDAP Server on the firewall.

The default port number is TCP/636. It should be permitted on the firewall.