Prerequisite:

• FortiWeb Server Policy enabled HTTPS Protocol Service.
• CA and User Certificate generated from the local device.

1. Log into FortiWeb GUI and navigate to Server Objects -> Certificates -> CA.     
   
   

2. Import the CA root cert generated from the local server which is used to sign the users’ certificate.
   
   

   

    

3. The imported CA cert is shown on the page:
   
   

   

    

4. Then navigate to the CA Group tab and create a new CA Group.
   
   

   

    

5. Select the imported CA into the CA Group member.
   
   

   

    

6. Go to the Certificate Verify page and create a new Certificate Verify group.
   
   

   

    

7. Select the created CA Group in the Certificate Verify group.
   
   

   

    

8. Go to the Server Policy and edit the policy that is required to be enabled with the Client-side certificate verification. Select the Advanced SSL settings and the dropdown menu of Certificate Verification for HTTPS, and select the created Certificate Verify group. Then, save the policy settings.
   
   

   

    

9. The Server Policy is now enabled with Client-side certificate verification. Now ensure that the client’s device has imported the user certificate signed by the CA cert.
   
   

   

    

10. Try to browse the webpage protected by the server policy. The page shall prompt with the client’s SSL certificate selection. Select the correct certificate to browse the page.
    
    

    

     

Related document: