Is anyone using the communication between Fortigate and LDAP over SSL. I would like to move the configuration from default to SSL so that there is secure communication between the components. Please suggest if there will be any downtime in moving the configuration which I want to achieve?
IF the config is done right then there is NO downtime at all. LDAP server can be set to LDAPs already, communication in both LDAP and LDAPs. And then just set certs and LDAPs on FGT side.
As I said, if done properly it will start to work instantly.
Best regards, Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer AAA, MFA, VoIP and other Fortinet stuff
I was doing this in my lab but having issues setting it up. Do you have any idea where to import the certificate (downloaded from Fortigate) in LDAP server to make this working?
Please note that I am using Windows 2008 Server as LDAP server.
You have to make sure your ldap server have enabled ldaps, normally enabling ldaps requires certificate that mean you must have CA. In this point very important thing is CA's certificate, you have to export this certificate from your CA some case it built-in on your Ldap server then import this certificate to your FGT then configure ldaps on FGT with username password that have permission to query users on your LDAP server.
step to export CA's Certificate [link]https://support.microsoft.com/en-us/kb/555252[/link]
Sorry for this. I never done it before on enable ldaps server but I done success connect FGT with ldaps server followed step I have posted. I suggest easy way to try checking port 636 enabled or not then try to export certificate follow step in below link,
