- Assume that the LDAP certificate has already been exported from the domain controller.
-
Copy from the certificate from the remote SCP server:
scp username@<remote-scp>:/copy/from/file /paste/directory
fnac-f:~$ execute enter-shell
fnac-f:~$ scp root@192.168.108.40:/tmp/labdc-DC1-cert.cer /home/admin
The authenticity of host '192.168.108.40 (192.168.108.40)' can't be established.
ED25519 key fingerprint is SHA256:cy8+.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.108.40' (ED25519) to the list of known hosts.
root@192.168.108.40's password:
labdc-DC1-cert.cer 100% 1577 2.5MB/s 00:00
-
Confirm that the certificate was successfully copied to the /home/admin directory:
fnac-f:~$ cd /home/admin/
fnac-f:~$ ll
total 24
4 drwx------ 2 admin admin 4096 Oct 24 12:12 .ssh/
4 -rw-r--r-- 1 admin admin 1577 Oct 24 12:12 labdc-DC1-cert.cer
- Now import the certificate to the FortiNAC keystore using the following password ^8Bradford%23.
fnac-f:~$ keytool -import -trustcacerts -alias ldap_client -file /home/admin/labdc-DC1-cert.cer -keystore .keystore
Enter keystore password:
Re-enter new password:
Trust this certificate? [no]: yes
Certificate was added to keystore
fnac-f:~$
- Now verify the certificate was imported successfully, navigate to the/home/admin directory and enter the following command:
fnac-f:~$ keytool -list -v -keystore .keystore
Enter keystore password: <---- It is necessary to enter the ^8Bradford%23 password.
A snip of the output below
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ldap_client
Creation date: Oct 24, 2024
Entry type: trustedCertEntry
Owner:
Issuer: CN=labdc-DC1-CA, DC=labdc, DC=local
- Restart FortiNAC to clear any Cached LDAP sessions.
- Now navigate to System -> Settings -> Authentication -> LDAP and verify the configuration.
