Hi, I'm new to Fortigate and this week got my WF-81F-2R-A and it works great, using SSL VPN perfectly on the free FortiClient VPN on Linux. For added security I created a certificate inside my Fortigate with 'LetsEncrypt' and put it in my Fortigate's VPN Settings with no problem.
Then I tried to put that certificate in the free FortiClient, and no matter what I can't see the certificates to load. Am I doing something wrong or is the software intentionally misbehaving without courtesy of an error or warning message?
I looked all day online for an explanation or guide. All I ever see is "press the Import Certificate button to import a certificate" kinda stuff.
Thanks for any assistance,
B83
Hello @B83 ,
You don't need to import the Let's Encrypt certificate to your client's PC.
If you connect with an FQDN that is compatible with your SSL certificate, FortiClient will not give a warning.
What is your client configuration? Are you connecting via IP or FQDN?
Hi ozkanaltas,
I can connect easily with the FortiClient VPN free software client across the Internet using FQDN or IP. It works very well.
I am now trying to make the connection more secure.
So, I am trying to import my SSL VPN certificate into FortiClient free VPN client software. The FortiClient free VPN client software cannot find any certificates, no matter where I navigate to in the software.
How do I import a local certificate into the FortiClient free VPN client software?
P.S. This is what I'm doing:
First, I configure and verify that my FortiClient free VPN software is connecting perfectly across the Internet from my Linux computer. It does, very well.
Then I do these steps, for better security:
1. open FortiClient free VPN software
2. click the 'hamburger' and select 'Edit the selected connection'
3. select 'Local Certificate'. In doing so the 'Import Certificate' button appears
4. I press the 'Import Certificate' button. In doing so a file explorer appears
5. No matter where I navigate to in the file explorer, no certificates are shown
I have a local directory full of certificates. Why does the FortiClient free VPN software not see them?
Hello @B83 ,
Sorry for the confusion. Do you want to authenticate your user with a certificate or do you just want to change the ssl-vpn service certificate?
If you want the first one, you can follow this document.
If you want the second one, you don't need to install certificates for all clients.
Also, what did you do on the FortiGate side? Can you describe it?
Hi,
Thank you for the link, but the link does not mention anything about the FortiClient VPN client.
The link mentions only the Fortinet device configuration, which I have performed earlier.
My Fortinet device configuration is such that I can use VPN across the Internet without any problem.
My problem is:
I would like to use a different SSL VPN certificate than 'Fortinet_Factory' on my Fortinet device and my free FortiClient VPN client.
I created a 'LetsEncrypt' certificate and installed it in my Fortinet's VPN->SSL-VPN-Settings, but I cannot install it in the FortiClient VPN client as the FortiClient VPN client's browser does not show any certificates at all.
Thanks, B83
If you want to change the default SSL-VPN certificate, you just need to change the FortiGate side. You said you already did this with LetsEncrypt.
The certificate selection area in FortiClient is for authentication with a certificate. Because of that, these things are different.
You don't need to do anything on the FortiClient side.
As I recall we just have to trust the CA. Thanks for saying we don't have to put it in the client. That made me remember it's not a shared-secret IPsec thing. Thanks also for the link, too. I will have a go at it when I recover from the weekend.
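The check discussed in this thread, as an added example that is not part of the original posts and not Fortinet code: a TLS client accepts the gateway's certificate when it chains to a CA the client already trusts and the name the user dialed matches the certificate, so nothing is imported on the client. It assumes the `openssl` CLI is installed; the CAs, `vpn.example.test` and `203.0.113.10` are constructed lab values, and OpenSSL's verifier stands in for whatever FortiClient does internally.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: every name, address and file here is made up for the demo.
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
GW_FQDN="vpn.example.test"   # hypothetical gateway name
GW_IP="203.0.113.10"         # documentation-range address

new_ca() {  # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}
new_ca issuing "Constructed Issuing CA"    # stands in for the public CA
new_ca other   "Constructed Unrelated CA"  # a CA that did not issue the gateway cert

# Gateway certificate: issued for the FQDN only, as a public CA would issue it.
openssl req -newkey rsa:2048 -nodes -subj "/CN=$GW_FQDN" \
  -keyout "$LAB/gw.key" -out "$LAB/gw.csr" 2>/dev/null
printf 'subjectAltName=DNS:%s\n' "$GW_FQDN" > "$LAB/san.ext"
openssl x509 -req -in "$LAB/gw.csr" -CA "$LAB/issuing.pem" \
  -CAkey "$LAB/issuing.key" -CAcreateserial -extfile "$LAB/san.ext" \
  -days 1 -out "$LAB/gw.pem" 2>/dev/null

# check_gateway <trusted CA prefix> <remote gateway as typed by the user>
# Prints "trusted" if both the chain and the name verify, otherwise "warning".
check_gateway() {
  case "$2" in
    *[!0-9.]*) name_opt="-verify_hostname" ;;  # has letters: compare DNS SANs
    *)         name_opt="-verify_ip" ;;        # dotted quad: compare IP SANs
  esac
  if openssl verify -CAfile "$LAB/$1.pem" "$name_opt" "$2" \
       "$LAB/gw.pem" >/dev/null 2>&1
  then echo trusted; else echo warning; fi
}

check_gateway issuing "$GW_FQDN"  # trusted: CA is trusted and the name matches
check_gateway issuing "$GW_IP"    # warning: the certificate has no IP SAN
check_gateway other   "$GW_FQDN"  # warning: issuer is not in the trust store
```

The gateway's private key (`gw.key`) never leaves the server side in this flow; only the CA certificate has to be known to the client.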