mhanna
New Contributor II

SSL VPN Site-to-Site

Hello All

Kindly, I tried to configure SSL site-to-site between two firewalls, but unfortunately the guide can't help me, especially on the certificate point.

I created a PKI user with its certificate but face an issue with the server certificate and the client certificate. So I would appreciate it if anyone can send me a guide to proceed with this point step by step, or advise me how to do this configuration.

Thanks

lmarinovic
Staff

Hello,

You probably mean IPsec VPN? There is this document on how to configure the Site-to-site VPN with digital certificate:

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/344213/site-to-site-vpn-with...

Hope it helps.

Best regards,

Lazar Marinovic
gfleming
Staff

Are you actually intending to create an SSL VPN site-to-site tunnel? Can you not use IPSec? It will be easier...

If you need SSL-VPN follow these docs: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/508779/fortigate-as-ssl-vpn-client

For Certificates you need a CA cert (can be your existing AD PKI or create a basic one using OpenSSL or something) and then sign some certs for the users and import those.

Cheers,
Graham
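
The certificate set described in the reply above (a CA certificate, then certificates signed by it for each end), built with OpenSSL as an added example that is not part of the thread or of Fortinet's documentation. The names `lab-ca`, `fgt-server` and `fgt-client`, the 365-day lifetime and the PKCS#12 password are constructed lab values.

```shell
#!/usr/bin/env bash
# Added example. All names, lifetimes and the PKCS#12 password are constructed
# lab values, not taken from the thread.
set -eu

# Create a self-signed CA certificate and key in the existing directory $1.
make_ca() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = lab-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a leaf certificate: $1 = dir, $2 = file/CN name, $3 = serverAuth|clientAuth.
issue_cert() {
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = %s\n' "$3" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
  # Bundle certificate, private key and CA certificate into one PKCS#12 file.
  openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
    -certfile "$1/ca.crt" -passout pass:changeit -out "$1/$2.p12"
}

# Succeeds only if the leaf chains to the CA and is valid for $3 = sslserver|sslclient.
check_cert() {
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Build the whole set and verify each leaf for its intended role.
build_lab_pki() {
  make_ca "$1"
  issue_cert "$1" fgt-server serverAuth
  issue_cert "$1" fgt-client clientAuth
  check_cert "$1" fgt-server sslserver && check_cert "$1" fgt-client sslclient
}
```

Call `build_lab_pki` with an existing empty directory. `ca.crt` is the only file a peer needs in order to validate the other side, while each `.p12` carries a leaf certificate together with its private key.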
mhanna
New Contributor II

Thanks for your reply

Actually, I followed these SSL-VPN docs and I created a certificate from FortiAuthenticator, but I need to know which certificate should be chosen for the server certificate and for the client certificate.

lmarinovic

Hi,

If you created the certificate from FortiAuthenticator as a server certificate then you will need to select that one. You will also need to upload the CA certificate from FortiAuthenticator to both FortiGates then. From the client side you will choose that FortiAuthenticator CA in the PKI user, in the CA field.

Best regards,

Lazar Marinovic
mhanna
New Contributor II

Hi

Thanks for your reply

When I upload the certificate to both devices, I can see the certificate on the PKI user, but when I go to choose the server certificate on the device I didn't find the certificate which was created on FortiAuthenticator and only see 'Fortinet_Factory' or 'Fortinet_Factory_Backup'. This is the issue: why I didn't see the created certificate on this tab; I only see the created certificate on the PKI user tab.

Appreciate your support

mhanna
New Contributor II

Hello 

If you have any video for this configuration, I would appreciate it if you share it with me.