FortiClient with TPM-enrolled certificates on Windows
I'm trying to get certificate-based authentication with TPM-enrolled certs working with FortiClient on Windows 10.
FortiClient ZTNA 7.0.7 on Windows 10
I have everything working with a software-enrolled certificate on a test client, but when I try to connect from the same client with a TPM-enrolled cert (issued from the same CA), the connection fails with the error:
Unable to establish the VPN connection. The VPN server may be unreachable or your identity certificate is not trusted. (-5)
According to the debug logs (and confirmed with Wireshark) it appears that the FortiGate is sending a Client Certificate Request, but the client never responds with any certificate:
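A first step in narrowing this down is to confirm, on the client, where each candidate certificate's private key actually lives and whether the certificate carries the Client Authentication EKU. The following PowerShell script is an added diagnostic, not code from the original post or from Fortinet. It enumerates the user and machine personal stores, and for every certificate with a private key reports the key storage provider (a TPM-backed key is served by "Microsoft Platform Crypto Provider", a software-enrolled one typically by "Microsoft Software Key Storage Provider"), the key's export policy, the algorithm and whether id-kp-clientAuth (1.3.6.1.5.5.7.3.2) is present. The `$IssuerMatch` filter parameter is a hypothetical convenience for narrowing the list to certificates from one CA; the provider names are the standard Windows KSP names. It does not, and cannot, tell you which providers FortiClient itself will enumerate; it only lets you compare the working and failing certificates side by side.

```powershell
# Added diagnostic (not from the original post): list client-auth certificates in
# the user and machine stores together with the KSP/CSP that holds each private key.
param(
    # Hypothetical filter: substring of the issuer DN; empty string lists everything.
    [string]$IssuerMatch = ''
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Get-KeyProviderInfo {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $info = [ordered]@{ Provider = '(no private key)'; ExportPolicy = $null; Algorithm = $null }
    if (-not $Cert.HasPrivateKey) { return [pscustomobject]$info }

    try {
        # Prefer the CNG view of the key; fall back to ECDSA if it is not RSA.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if (-not $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert)
        }
        if ($key -and ($key.PSObject.Properties.Name -contains 'Key')) {
            # RSACng / ECDsaCng expose the underlying CngKey, which names its provider.
            $info.Provider     = $key.Key.Provider.Provider
            $info.ExportPolicy = $key.Key.ExportPolicy.ToString()
            $info.Algorithm    = $key.Key.Algorithm.Algorithm
        } elseif ($key) {
            # Legacy CAPI key (RSACryptoServiceProvider).
            $info.Provider     = $key.CspKeyContainerInfo.ProviderName
            $info.ExportPolicy = if ($key.CspKeyContainerInfo.Exportable) { 'AllowExport' } else { 'None' }
            $info.Algorithm    = 'RSA (CAPI)'
        }
    } catch {
        # Machine-store keys usually need an elevated shell to be opened.
        $info.Provider = "error: $($_.Exception.Message)"
    }
    return [pscustomobject]$info
}

function Get-ClientAuthCertReport {
    param([string]$IssuerFilter)

    $rows = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
        Get-ChildItem $store -ErrorAction SilentlyContinue |
            Where-Object { -not $IssuerFilter -or $_.Issuer -like "*$IssuerFilter*" } |
            ForEach-Object {
                $cert = $_
                $ekus = $cert.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                    ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
                $kp = Get-KeyProviderInfo -Cert $cert
                [pscustomobject]@{
                    Store        = $store
                    Subject      = $cert.Subject
                    Thumbprint   = $cert.Thumbprint
                    # A certificate with no EKU extension is valid for any purpose.
                    ClientAuth   = (-not $ekus) -or ($ekus -contains $clientAuthOid)
                    Provider     = $kp.Provider
                    ExportPolicy = $kp.ExportPolicy
                    Algorithm    = $kp.Algorithm
                    NotAfter     = $cert.NotAfter
                }
            }
    }
    return $rows
}

Get-ClientAuthCertReport -IssuerFilter $IssuerMatch | Format-Table -AutoSize
```

Run it once from a normal user shell and once elevated so the LocalMachine keys can be opened. The same information is visible with `certutil -user -store My` (or `certutil -store My` for the machine store), whose output includes a `Provider =` line for each certificate that has a private key; the script just puts the two certificates next to each other so the differing fields (store, provider, export policy, EKU) stand out.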