Authentication SSL- VPN With Compter Certificate

Noureddine · ‎04-13-2022

Spoiler

Hello,

I need some help to configure SSL VPN with certificate authentication only but for the computer not Users,

I share with u my config.

the log is :

tio3udes · ‎04-13-2022

I've never seen this set up before, so let me ask you this:

How are the devices presenting the certificate to the forticlient, to connect to the vpn?

Because the pki user, needs to be an actual user who is going to select the certificate on the client to present it to the firewall, as a mean of authentication.

ti03udes

Noureddine · ‎04-13-2022

I need just to authenticate with Computer certificate ,

tio3udes · ‎04-13-2022

I don't believe fortigate supports this kind of set up.

The sslvpn is for remote users, not devices. You have some ways to whitelist devices that can connect to the vpn, but you'll always need a user.

ti03udes

Debbie_FTNT · ‎04-14-2022

Hey Noureddine,

- machine certificate authentication is principally possible

- FortiGate needs to be set up for authentication, and you should make sure that ALL machine certificates match the 'user peer' you have defined

-> as your 'user peer' set-up is right now, any certificate issued by the 'dom-SRVAD-CA' certificate would be accepted

Please note that users, when establishing the VPN, will need to manually select the machine certificate in the drop-down menu FortiClient offers.

A guide to SSLVPN with certificate authentication:

https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/266506/ssl-vpn-with-certific...

A guide to allowing machine certificates to be used:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-use-certificates-from-Local-machi...

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

mattw · ‎06-09-2023

Hey @Noureddine did you get this to work?

Authentication SSL- VPN With Compter Certificate

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website