FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
sjerry
Staff
Article Id 414102
Description

This article describes how to set up EAP-TLS authentication with FortiNAC.

Scope

FortiNAC, CentOS, nacOS.

Solution

In the network properties for the SSID, select the following: Microsoft: Smart Card or other certificate.



Select Advanced settings.

 


Select OK, then open Settings from the Network Properties window.

Make sure the following selections are chosen:

  • Confirm the trusted root CA is selected.



In the FortiNAC UI, navigate to Network -> RADIUS -> Local Servers.

  • Make sure OCSP is turned off.



Navigate to System -> Certificate Management -> Trusted Certificates.

Add the trusted root CA:


Run a packet capture and filter by Type to see whether the supplicant is using EAP-TLS.
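
As an added example (not part of the original article and not FortiNAC tooling), the Python below shows what the Type check amounts to on RADIUS traffic: it reassembles the EAP-Message attributes (RADIUS attribute 79) of one packet and reads the EAP Type byte, where 13 is EAP-TLS. The helper names and sample packets are constructed for illustration.

```python
import struct

# EAP method numbers from the IANA EAP registry (RFC 3748, RFC 5216).
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_MESSAGE = 79  # RADIUS attribute that carries EAP (RFC 3579)


def eap_from_radius(packet: bytes) -> bytes:
    """Reassemble the EAP packet from the EAP-Message attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    eap, pos = b"", 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == EAP_MESSAGE:  # long EAP packets span several attributes
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap


def eap_method(eap: bytes) -> str:
    """Name the EAP method of a Request/Response, or describe other EAP codes."""
    if len(eap) < 4:
        return "no EAP"
    code = eap[0]
    if code in (3, 4):
        return "Success" if code == 3 else "Failure"
    if code not in (1, 2) or len(eap) < 5:
        return "unknown"
    return EAP_TYPES.get(eap[4], f"type {eap[4]}")


def radius(eap: bytes) -> bytes:
    """Constructed Access-Request whose only attributes are EAP-Message chunks."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs


# Constructed samples: an EAP-TLS Response with 300 bytes of placeholder TLS data,
# and a Nak in which the supplicant asks for type 13 instead of the offered method.
TLS_RESPONSE = struct.pack("!BBHB", 2, 2, 306, 13) + b"\x00" + bytes(300)
NAK_WANTS_TLS = struct.pack("!BBHBB", 2, 3, 6, 3, 13)

if __name__ == "__main__":
    for sample in (TLS_RESPONSE, NAK_WANTS_TLS):
        print(eap_method(eap_from_radius(radius(sample))))
```

A supplicant that keeps answering with Nak, or with a type other than 13, is not using EAP-TLS even if the SSID profile was changed.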




After connecting, the changes should be reflected in the GUI.



Related articles:

Technical Tip: How to enable OCSP support and OCSP responder errors on FortiNAC

Technical Tip: Extracting certificates from SSL/TLS handshake packet capture