Carlos_A_Almeida
New Contributor III

SSL VPN with user certificate (and wildcard too).

Hi guys,

I'm facing a problem here. I'm really stuck with this.

Our FortiGate (60D) is working perfectly with FortiOS version 5.4.1. We're using SSL VPN with a wildcard certificate issued by COMODO, and all is OK. This is the good side of the story.

The bad side of it is that now I have to generate individual user certificates for each user that is using our SSL VPN connection.

I found this cookbook article: http://cookbook.fortinet.com/ssl-vpn-with-certificate-authentication/

OK, I followed it; the wildcard certificate is there, the CA certificate is there, but I didn't know how to correctly generate user certificates using openssl (or another app).

Can someone help me with this?

Thank you (sorry about language mistakes).

Carlos

emnoc
Esteemed Contributor III

Why do you need to sign individual certs? If you have a wildcard it should be anything to the right of the *. Can you explain what you want to use for a user-cert?

PCNSE NSE StrongSwan
Carlos_A_Almeida

Hello Emnoc, how are you?

It's because we want to add a second factor of authentication, like OpenVPN does, for example. Of course, we could use FortiToken to do this, but it would be expensive. With individual certificates, like in that cookbook article in the original post, we will sign our users' connections with the CA cert installed on the FortiGate.

Did I make this clear? If not, let me know.

Thank you and best regards.
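
One way to generate the per-user certificates asked about in this thread, shown as an added example that is not part of any post here or of the linked cookbook article: a private CA issues one client-auth-only certificate per user, and `ca.crt` is the CA certificate the gateway is configured to trust. The COMODO wildcard certificate is a server certificate and cannot sign user certificates, so it stays in its server role. The directory, organisation name, user name and passphrase are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA plus per-user client certificates for VPN certificate auth.
# "Example Corp", "jdoe" and all paths are constructed placeholders.
set -eu
umask 077   # keep generated private keys readable by the owner only

# Create the private CA. In real use, protect ca.key with a passphrase or keep it offline.
make_ca() {
  dir="$1"; mkdir -p "$dir"
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Corp
CN = Example VPN User CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -sha256 -nodes \
    -days 1825 -keyout "$dir/ca.key" -out "$dir/ca.crt"
}

# Issue one certificate per user, limited to TLS client authentication.
issue_user_cert() {
  dir="$1"; user="$2"; p12pass="$3"
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -sha256 -nodes \
    -subj "/O=Example Corp/CN=$user" -keyout "$dir/$user.key" -out "$dir/$user.csr"
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature' 'extendedKeyUsage=clientAuth' > "$dir/$user.ext"
  openssl x509 -req -in "$dir/$user.csr" -sha256 -days 365 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$user.ext" -out "$dir/$user.crt"
  # Passphrase-protected PKCS#12 bundle for import on the user's machine.
  openssl pkcs12 -export -inkey "$dir/$user.key" -in "$dir/$user.crt" \
    -certfile "$dir/ca.crt" -name "$user" -passout "pass:$p12pass" -out "$dir/$user.p12"
  rm -f "$dir/$user.key" "$dir/$user.csr" "$dir/$user.ext"   # key now lives only in the .p12
}

# Confirm the certificate chains to the CA and is valid for client authentication.
check_user_cert() {
  openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null
}

# Usage: make_ca ./vpn-ca && issue_user_cert ./vpn-ca jdoe 'passphrase' && check_user_cert ./vpn-ca jdoe
```

Because each user holds a distinct certificate, access for one user can be withdrawn by revoking or removing that certificate without touching the others.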
