B83
New Contributor

free vpn client certificate problems

Hi, I'm new to FortiGate and this week got my WF-81F-2R-A and it works great, using SSL VPN perfectly on the free FortiClient VPN on Linux. For added security I created a certificate inside my FortiGate with 'LetsEncrypt' and put it in my FortiGate's VPN Settings with no problem.

Then I tried to put that certificate in the free FortiClient, and no matter what I can't see the certificates to load. Am I doing something wrong or is the software intentionally misbehaving without courtesy of an error or warning message?

I looked all day online for an explanation or guide. All I ever see is "press the Import Certificate button to import a certificate" kinda stuff.

Thanks for any assistance,

B83

ozkanaltas
Contributor III

Hello @B83,

You don't need to import the Let's Encrypt certificate to your client's PC.

If you connect using an FQDN that matches your SSL certificate, FortiClient will not give a warning.

How is your client configured? Are you connecting via IP or FQDN?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
B83
New Contributor

Hi ozkanaltas,

I can connect easily with the FortiClient VPN free software client across the Internet using FQDN or IP. It works very well.

I am now trying to make the connection more secure.

So, I am trying to import my SSL VPN certificate into FortiClient free VPN client software. The FortiClient free VPN client software cannot find any certificates, no matter where I navigate to in the software.

How do I import a local certificate into the FortiClient free VPN client software?

P.S. This is what I'm doing:

First, I configure and verify that my FortiClient free VPN software is connecting perfectly across the Internet from my Linux computer. It does, very well.

Then I do these steps, for better security:

1. Open FortiClient free VPN software.
2. Click the 'hamburger' and select 'Edit the selected connection'.
3. Select 'Local Certificate'. In doing so the 'Import Certificate' button appears.
4. I press the 'Import Certificate' button. In doing so a file explorer appears.
5. No matter where I navigate to in the file explorer, no certificates are shown.

I have a local directory full of certificates. Why does the FortiClient free VPN software not see them?

ozkanaltas
Contributor III

Hello @B83,

Sorry for the confusion. Do you want to authenticate your user with a certificate or do you just want to change the SSL-VPN service certificate?

If you want the first one, you can follow this document.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/266506/ssl-vpn-with-certific...

If you want the second one, you don't need to install certificates for all clients.

Also, what did you do on the FortiGate side? Can you describe it?

B83
New Contributor

Hi,

Thank you for the link, but the link does not mention anything about the FortiClient VPN client.

The link mentions only the Fortinet device configuration, which I have performed earlier.

My Fortinet device configuration is such that I can use VPN across the Internet without any problem.

My problem is:

I would like to use a different SSL VPN certificate than 'Fortinet_Factory' on my Fortinet device and my free FortiClient VPN client.

I created a 'LetsEncrypt' certificate and installed it in my Fortinet's VPN->SSL-VPN-Settings, but I cannot install it in the FortiClient VPN client as the FortiClient VPN client's browser does not show any certificates at all.

Thanks, B83

ozkanaltas
Contributor III

If you want to change the default SSL-VPN certificate, you just need to change it on the FortiGate side. You said you already did this with Let's Encrypt.

The certificate selection area in FortiClient is for authentication with a certificate. Because of that, these things are different.

You don't need to do anything on the FortiClient side.

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/718606/provision-a-trusted-certificate-...

 

B83
New Contributor

As I recall we just have to trust the CA. Thanks for saying we don't have to put it in the client. That made me remember it's not a shared-secret IPsec thing. Thanks also for the link, too. I will have a go at it when I recover from the weekend.
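
Added example, not part of the thread and not Fortinet tooling: a constructed OpenSSL lab showing the two checks the replies describe for the gateway's server certificate, namely that it chains to a CA the client already trusts and that it covers the name being connected to. OpenSSL stands in for the VPN client's validation here (an assumption), and the CA, `vpn.example.test` and `203.0.113.10` are constructed placeholders.

```shell
#!/bin/sh
# Constructed lab: throwaway CA and server certificate, not data from the thread.
# vpn.example.test and 203.0.113.10 are placeholder values.

make_lab() {  # $1 = empty working directory
  cat > "$1/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # The server certificate names the gateway only by FQDN (DNS SAN).
  printf 'subjectAltName = DNS:vpn.example.test\n' > "$1/san.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/lab.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$1/lab.cnf" \
    -subj "/CN=vpn.example.test" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/san.cnf" -days 2 -out "$1/srv.pem" 2>/dev/null
}

# check_server_cert SERVER_CERT TRUSTED_CA TARGET
# Succeeds only if the certificate chains to TRUSTED_CA and covers TARGET.
check_server_cert() {
  case "$3" in
    *[!0-9.]*) name_opt=-verify_hostname ;;  # anything with letters: DNS name
    *)         name_opt=-verify_ip ;;        # digits and dots only: IPv4
  esac
  openssl verify -CAfile "$2" "$name_opt" "$3" "$1" >/dev/null 2>&1
}

lab=$(mktemp -d) && make_lab "$lab" || exit 1
for target in vpn.example.test 203.0.113.10; do
  if check_server_cert "$lab/srv.pem" "$lab/ca.pem" "$target"; then
    echo "$target: accepted, no client-side import needed"
  else
    echo "$target: rejected, client would warn"
  fi
done
rm -rf "$lab"
```

The server's private key and certificate never leave the gateway in this flow; the client side only needs the issuing CA in its trust store, which is separate from the client-certificate authentication the 'Local Certificate' field is for.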

 
