Client certificate help
I set up a FortiGate 60E with VPN access last week, using a cheap SSL certificate we had for a domain of ours we didn't use. I'm trying to work out how I create individual client certificates from this. I have it working where the certificate is installed on the FortiGate and using SSL, but they don't need a client certificate; however, I'm looking to add that extra security.
The certificate I have comes with a .crt, .p7b, and ca-bundle file. I understand each client using the VPN remotely must have a client certificate that checks with the certificate installed on the FortiGate.
Can I do this using OpenSSL, or is that not as secure as a paid certificate?
Build your own CA and sign your client's CSR. This is what I would do. As far as more secure, all CAs are self-signed; the only thing different between a public CA and yours is that the public CA paid money to have its certificate globally trusted by numerous OSes, browsers, etc.
I would start here and change the local certificate out, and install a private CA and root cert in your clients.
http://socpuppet.blogspot.com/2015/10/fortigate-sslvpn-certificate-key.html
Then when you have a root CA built (OpenSSL, MS-PKI, etc.), you sign the clients' CSRs and enforce client-cert-req.
Ken
PCNSE
NSE
StrongSwan
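The approach described in the reply above (build a private root CA with OpenSSL, then sign each client's CSR), as an added example that is not part of the original thread. The CA name, user names and file names are constructed placeholders, and importing the CA into the FortiGate and enforcing the client-certificate requirement are not shown.

```bash
#!/usr/bin/env bash
# Added example: private CA issuing one certificate per VPN user.
# CA name, user names and file names are constructed placeholders.
set -eu
umask 077   # private keys are created readable by the owner only

make_ca() {   # $1 = directory that will hold the CA key and certificate
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example VPN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[client]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  # -nodes leaves the key unencrypted so the demo runs unattended;
  # drop it to be prompted for a passphrase on a real CA key.
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1825 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt"
}

issue_client() {   # $1 = CA directory, $2 = user name (becomes the CN)
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -config "$1/ca.cnf" -keyout "$1/$2.key" -out "$1/$2.csr"
  openssl x509 -req -in "$1/$2.csr" -sha256 -days 365 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/ca.cnf" -extensions client -out "$1/$2.crt"
}

verify_client() {   # $1 = CA certificate, $2 = client certificate
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: one CA, one certificate each for two constructed users.
work=$(mktemp -d)
make_ca "$work"
for user in alice bob; do
  issue_client "$work" "$user"
  verify_client "$work/ca.crt" "$work/$user.crt" && echo "$user: chains to CA"
done
```

Only `ca.crt` has to be trusted by the VPN gateway; `ca.key` stays off the gateway and off the clients.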
Thanks for the reply, but it's a bit confusing as SSL isn't my strongest point. Is there any way I can create client certs from what I have, or at least 1 client cert that every user uses, as we only have 2-3 remote workers?
