SSLVPN using LDAP and a Certificate
Hi, I was wondering, did you have to do anything "special" to get this to work? I am trying to get this to work, but am getting an access denied error message on my SSL-VPN clients.
You mentioned you use the CA Certificate, so how did you set this up for the client computers? Did you follow some documentation you can point me to?
Thanks in Advance
The issue with this was eventually tied up with the LDAP authentication and not the certificate.
I had "CA" under the Name Identifier. It was supposed to be "SAMACCOUNTNAME".
Per your question, I'm afraid I'm still figuring out how it works.
Once I do I'll be sure to blog it.
I have managed to get this to work; it took some reading across multiple forums.
I followed this one to create the self-signed certificates.
The trick was that when building the certificate, I had to put in the section of the FQDN the SAME distinguished name configuration that had been used when setting up the LDAP interface, so in my case the FQDN had the entries of dc=xxxxx,dc=local, which matched the Distinguished Name in the LDAP configuration.
I then followed the remaining instructions above and imported the certificate as a CA Certificate and the P12 file as a user certificate on the device, but you have to import it when logged on as the USER who wants to remotely connect. I then configured the FortiClient to use this certificate and it worked.
I have just one certificate that I will use for those staff that need remote access, but you could create and load a remote certificate for each user; I didn't see a need.
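To sanity-check the two settings the thread converges on (the certificate subject carrying the same dc= components as the LDAP Distinguished Name, and a user attribute such as sAMAccountName rather than "CA" as the name identifier) before importing anything, here is an added Python pre-check that is not part of the original thread. The subject strings and the list of accepted identifier attributes are constructed assumptions, not FortiGate-defined values.

```python
"""Pre-check a user certificate subject against LDAP server settings.
Added example, not from the thread. Assumes the subject is an RFC 4514
string as printed by openssl, and that the LDAP DN / name identifier are
the values typed into the firewall's LDAP server configuration."""
import re

# Split on commas that are not escaped, so "Doe\, John" stays one value.
_RDN_SPLIT = re.compile(r'(?<!\\),')

# Constructed list of attributes that identify a user (not an exhaustive
# or vendor-supplied set); "CA" from the thread is deliberately absent.
USER_IDENTIFIER_ATTRS = {'samaccountname', 'cn', 'uid', 'userprincipalname'}


def parse_dn(dn):
    """'CN=jdoe,DC=xxxxx,DC=local' -> [('cn', 'jdoe'), ('dc', 'xxxxx'), ...]."""
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        attr, _, value = rdn.partition('=')   # first '=' separates type/value
        pairs.append((attr.strip().lower(), value.replace('\\,', ',').strip()))
    return pairs


def dc_components(dn):
    """Domain components in order, lowercased, e.g. ['xxxxx', 'local']."""
    return [v.lower() for a, v in parse_dn(dn) if a == 'dc']


def check_cert_against_ldap(cert_subject, ldap_dn, name_identifier):
    """Return a list of findings; an empty list means both settings line up."""
    findings = []
    cert_dc, ldap_dc = dc_components(cert_subject), dc_components(ldap_dn)
    if cert_dc != ldap_dc:
        findings.append(f"certificate DC components {cert_dc} do not match "
                        f"LDAP Distinguished Name components {ldap_dc}")
    if name_identifier.lower() not in USER_IDENTIFIER_ATTRS:
        findings.append(f"name identifier '{name_identifier}' is not a user "
                        f"attribute; use sAMAccountName (as in the thread)")
    return findings


if __name__ == '__main__':
    # Constructed inputs mirroring the thread's dc=xxxxx,dc=local placeholder.
    print(check_cert_against_ldap('CN=jdoe,DC=xxxxx,DC=local',
                                  'dc=xxxxx,dc=local', 'sAMAccountName'))
    print(check_cert_against_ldap('CN=jdoe,DC=corp,DC=example',
                                  'dc=xxxxx,dc=local', 'CA'))
```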