Authentication SSL-VPN With Computer Certificate
Hello,
I need some help configuring SSL VPN with certificate authentication only, but for the computer, not users.
I'll share my config with you.
The log is:
Labels: FortiClient, FortiGate
I've never seen this set up before, so let me ask you this:
How are the devices presenting the certificate to FortiClient to connect to the VPN?
Because the PKI user needs to be an actual user who is going to select the certificate on the client to present it to the firewall, as a means of authentication.
I just need to authenticate with the computer certificate.
I don't believe FortiGate supports this kind of setup.
The SSL VPN is for remote users, not devices. You have some ways to whitelist devices that can connect to the VPN, but you'll always need a user.
Hey Noureddine,
- machine certificate authentication is principally possible
- FortiGate needs to be set up for authentication, and you should make sure that ALL machine certificates match the 'user peer' you have defined
-> as your 'user peer' set-up is right now, any certificate issued by the 'dom-SRVAD-CA' certificate would be accepted
Please note that users, when establishing the VPN, will need to manually select the machine certificate in the drop-down menu FortiClient offers.
A guide to SSLVPN with certificate authentication:
A guide to allowing machine certificates to be used:
Hey @Noureddine did you get this to work?
