FortiMail uses the CA certificate (the certificate of the CA that signed the LDAPS server certificate) to verify the LDAPS server certificate. The LDAP server CA certificate is used to encrypt the pre-master key. FortiMail and the LDAPS server compute the master secret to generate the session keys, which are used to encrypt and decrypt data.
1) Upload the CA certificate under System -> Certificate -> CA Certificate.
2) Create the LDAPS profile under the LDAP section and save it.
Make sure there is a policy on the firewall that allows LDAPS traffic from the FortiMail IP address to the LDAP server.
The default port number is TCP/636. It should be permitted on the firewall.
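Before relying on the profile, the CA file and the firewall path can be checked from a workstation with the script below, which is an added example and not Fortinet code. It trusts only the given CA file and separates a blocked TCP/636 path from a certificate that does not verify against that CA. The function names, the host name argument and the PEM file path are assumptions of the example, and the result reflects the firewall policy for the source address the script runs from, not the FortiMail IP address.

```python
import socket
import ssl
import sys


def build_context(ca_file):
    """Trust only the CA in ca_file (the same CA uploaded to FortiMail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def check_ldaps(host, ctx, port=636, timeout=5.0):
    """Return (status, detail) for one LDAPS handshake attempt.

    status is one of:
      tcp_blocked     no TCP connection (firewall policy, wrong port, host down)
      cert_untrusted  server certificate does not verify against the CA
      tls_failed      port answers but the TLS handshake breaks
      ok              certificate chain and host name verified
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_blocked", str(exc))
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except ssl.SSLCertVerificationError as exc:
        return ("cert_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", str(exc))
    finally:
        sock.close()  # harmless if wrap_socket already took over the socket


if __name__ == "__main__":
    # Usage: python check_ldaps.py <ldap-server-fqdn> <ca-cert.pem>
    host, ca_file = sys.argv[1], sys.argv[2]
    status, detail = check_ldaps(host, build_context(ca_file))
    print(f"{host}:636 -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A `cert_untrusted` result with the correct CA file usually means the server presents a certificate from a different CA or the host name does not match the certificate.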
Copyright 2023 Fortinet, Inc. All Rights Reserved.