Fortinac-F Portal Certificate Problem
I created a guest network on the FortiGate firewall; security mode is on. Dynamic VLAN is enabled. FortiNAC RADIUS is connected behind it. I then included this wireless network in FortiNAC. When the user connects to the network, it assigns them to the quarantine VLAN. Then the FortiNAC portal opens and the user registers. However, I have a problem like this. When the user connects to this network, the NAC portal does not open. There is an untrusted network warning. To overcome this problem, I created a certificate in Active Directory, and I included it in FortiNAC. However, when the user connects to the wireless network, the option to trust this certificate should normally appear, but it does not. The user cannot go to the portal because there is no certificate. How can I solve this problem?
Can I direct a user who is included in the open network directly to the portal without a certificate?
Or can I disable certificate verification from the SSL section in FortiNAC?
Guest users on BYOD are not part of the domain, so they don't recognize its private cert. I always use a public certificate for the isolation portal, and this way I never have such an issue.
What do you mean by general certificate? I don't know much about the certificate; can you elaborate?
I guess you mean you have a browser warning about an untrusted SSL cert when a guest enters the isolation portal, right? Or do you mean you have this issue with the RADIUS certificate?
In case you mean the isolation portal, then the certificate is configured in the menu Portal > Portal SSL. There you should use a public SSL certificate, since BYOD devices don't recognize your domain's CA. A public certificate is signed by a public authority and is recognized by all browsers.
In case you have an issue with the RADIUS certificate, then I don't understand why you use RADIUS authentication for guests. Guests should use WPA2 Personal while corp users should use RADIUS authentication.
Guest users are guest users on FortiNAC. How do I authenticate these users with WPA2 Personal?
Created on ‎03-07-2024 03:19 PM Edited on ‎03-07-2024 03:30 PM
Oh sorry :) we fall again into that question: to manage or not to manage guests with FortiNAC. In my experience, I have never managed Wi-Fi guests with FNAC.
How can I define a public certificate for the portal in the FortiNAC certificate menu?
You go to System > Settings > Certificates (or something like that). There you will find 4 certificates: Portal, WebUI, RADIUS and Agent. There you install your public certificate as the Portal cert. Once done, you go back to Portal > Portal SSL and select it.
So is there a certificate you recommend that I can install for the general certificate?
Created on ‎03-08-2024 12:43 AM Edited on ‎03-08-2024 01:13 AM
You can use your public domain's wildcard certificate if you already have one, since this is for a private address (FNAC isolation) and it works perfectly. If you don't have one, then you can purchase it from any cert vendor (Certigo, Comodo, ...) or make it for free via Let's Encrypt.
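An added example, not part of the thread and not Fortinet code: a pre-install check that the name guests are sent to for the isolation portal is actually covered by the SAN entries of the wildcard certificate suggested above, since a name mismatch produces the same browser warning as an untrusted CA. The hostnames and SAN list are constructed placeholders; matching follows the RFC 6125 rule that `*` stands for exactly one leftmost label.

```python
import ipaddress

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().lower().rstrip(".").split(".")

def _is_ip(host):
    try:
        ipaddress.ip_address(host.strip())
        return True
    except ValueError:
        return False

def san_matches(pattern, host):
    """True if one dNSName SAN entry covers host."""
    if _is_ip(host):
        return False  # IP literals are never covered by a dNSName entry
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # '*' stands for exactly one label, so counts must agree
    if any("*" in label for label in p[1:]):
        return False  # a wildcard is only valid in the leftmost label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]  # reject over-broad "*.com"
    if "*" in p[0]:
        return False  # partial wildcards ("nac*.example.com") not accepted here
    return p == h

def covering_sans(sans, host):
    """Return the SAN entries that cover host (empty list = browser warning)."""
    return [s for s in sans if san_matches(s, host)]

# Constructed sample data: SANs of a hypothetical wildcard certificate and
# candidate names for the isolation portal.
SAMPLE_SANS = ["*.example.com", "example.com"]
CANDIDATES = ["nac.example.com", "portal.nac.example.com", "192.0.2.10"]

if __name__ == "__main__":
    for host in CANDIDATES:
        hits = covering_sans(SAMPLE_SANS, host)
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:26} {status}")
```

A portal name one level deeper than the wildcard, or a redirect to a bare IP address, is not covered even though the certificate is publicly trusted.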
