FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 197989

Description

 
This article discusses Cert-Check Custom Scan.


Scope

 

FortiNAC, FortiNAC-F.


Solution


Cert-Check is one of the Custom Scans available for Endpoint Compliance Policies for Windows hosts. This scan searches for a specific SSL certificate installed on the host.

The certificate being scanned must have a Common Name that matches the host's FQDN, and must be installed in the following locations:

  • On the host in the Certificate Store under Local Computer > Personal > Certificates.
  • In Network Sentry's Persistent Agent Cert-Check target under System -> Settings -> Security -> Certificate Management.

The configuration below may be used as a reference.
 
  1. Create a TLS-Client certificate that has a Common Name that matches the host FQDN.

  2. Check if the Local Root CA has already been imported in the client as a Trusted Certificate.

  3. Import the same Local Root CA under FortiNAC System -> Settings -> Security -> Certificate Management -> Persistent Agent Cert-Check.

  4. Create a Custom Scan for Certification-Check.

For further details, refer to the Online Help topic Create Custom Scans For Windows.
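
The host-side requirements above can be verified before the scan is assigned to a policy. The following PowerShell is an added example, not part of the original article and not Fortinet tooling: it lists certificates under Local Computer > Personal whose Common Name equals the host FQDN and reports whether each one chains to a CA the machine trusts. It assumes the FQDN is the name the host resolves for its own computer name, and it skips revocation checking.

```powershell
# Added example: checks the host-side preconditions for the Cert-Check scan.
# Assumption: the FQDN is the name the host resolves for its own computer name.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$results = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # SimpleName yields the subject Common Name when the subject has one.
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -ne $fqdn) { continue }   # string -ne is case-insensitive

    # Gather EKU OIDs; an empty list means the certificate has no EKU extension.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain in machine context. Revocation is skipped on the
    # assumption that a local CA's CRL may not be reachable from the host.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $top = $null   # topmost certificate found; the root CA when the chain is complete
    if ($chain.ChainElements.Count -gt 0) {
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    [pscustomobject]@{
        CommonName    = $cn
        Issuer        = $cert.Issuer
        ChainTop      = $top
        ChainTrusted  = $trusted
        ClientAuthEku = $ekuOids -contains $clientAuthOid
        Expired       = (Get-Date) -gt $cert.NotAfter
        Thumbprint    = $cert.Thumbprint
    }
}

if (-not $results) {
    Write-Warning "No certificate in LocalMachine\My has Common Name '$fqdn'."
} else {
    $results | Format-List
}
```

ChainTop should name the same Local Root CA that was imported under Persistent Agent Cert-Check, and ChainTrusted should be True once that CA is in the host's trusted store.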