Fortiauthenticator : SCEP Issue

achraf_harkati · ‎11-29-2017

Hi All,

I'm wondering if Anyone has used FortiAuthenticator to perform BYOD ?

I'm testing FAC 5.1.2 in a lab envirement to authenticate WiFi users using EAP-TLS, the FAC has a CA certificate configured (signed by a Win2016 root CA). And I'm stuck at getting devices self-enrolled to obtain a certificate that they can use for EAP-TLS.

I've enabled Device Self-enrollment using the CA Certificate Template (SCEP request is configured using Wildcard).

At the moment, I'm unable to enroll a client device on the url : https://FAC-IP/cert/scep . I'm getting the following error on the Browser : "operation" parameter is required

I've also tried http (enabled http on the Interface) instead of https and keep getting the same error.

Has anyone faced the same problem before ?

Has anyone succefully got device self-enrollment working on FAC using SCEP ?

Do FAC provide an onboarding portal similar to other products such as Aruba Clearpass ?

Your help will be very much appreciated.

Achraf.

80211WiGuy · ‎03-14-2024

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Enabling-the-self-service-portal-...

I think this is what we're trying to accomplish, but no luck just yet.

vraev · ‎03-15-2024

Hi,

Please review in the docs, also:

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-sign-a-certificate-with-Su...
https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/628126/fortiauthenticator-as-a-...
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-sign-a-CSR-on-FortiAuthent...

V.R.

rubh3n · ‎03-04-2025

We are also looking at FAC to provide a portal that we can use so that BYOD users can access to request a certificate that they can use for IPsec VPN.

Has the "Device Self-Registration" feature has been updated since 2017?

Fortiauthenticator : SCEP Issue

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website