Hi everyone. I need to configure SSL VPN with LDAP authentication.
Is it required to generate a certificate from my Windows server, or use the built-in certificate of FortiGate, or buy a certificate for my VPN connection?
Please help.
Hello @matchelo
You have 3 options:
1. Generate a Certificate from Windows Server: You can generate and export a CA certificate from your Windows Server and import it into the FortiGate for SSL VPN authentication.
2. Use the Built-in Certificate of FortiGate: FortiGate provides a default self-signed certificate that you can use for SSL VPN. However, it is recommended to use a trusted CA certificate for better security.
3. Buy a Certificate for VPN Connection: You can purchase a certificate from a trusted Certificate Authority (CA) for your VPN connection. This option provides the highest level of security and trust for your SSL VPN setup.
4. Install a Let's Encrypt certificate, which is a trusted CA and free. It's as secure as a paid certificate, and supports automatic renewal through the ACME protocol.
The main issue with using a built-in or self-signed certificate is that you'll get a certificate warning unless you install the root certificate to your trusted root certificate store. Also, renewal is a very manual job.
And regarding option 1, you can generate a certificate from a Linux computer too, just saying :)
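The two points in the reply above (a private certificate only validates once the client trusts its root, and the certificate can be generated on Linux), as an added example that is not part of the original posts. It uses the `openssl` command line; `vpn.example.com` and the CA name are constructed placeholders.

```shell
# Added example; vpn.example.com and "Example Lab Root CA" are constructed placeholders.
VPN_FQDN="vpn.example.com"

# Create a private root CA (key + self-signed certificate) in directory $1.
make_ca() {
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a server certificate for $VPN_FQDN, signed by the CA in directory $1.
issue_server_cert() {
  cat > "$1/srv.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $VPN_FQDN
[v3_srv]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$VPN_FQDN
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/srv.cnf" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/srv.cnf" \
    -extensions v3_srv -out "$1/srv.crt" 2>/dev/null
}

# Client without the private root installed: validation fails (the warning).
verify_untrusted() { openssl verify "$1/srv.crt" >/dev/null 2>&1; }

# Client with the root in its trust store; $2 is the name the user connects to.
verify_trusted() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/srv.crt" >/dev/null 2>&1
}
```

Call `make_ca` and `issue_server_cert` on an empty directory, then the two verify functions. `verify_untrusted` returns non-zero, and `verify_trusted` returns zero only when the name passed matches the certificate's subjectAltName.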
Copyright 2025 Fortinet, Inc. All Rights Reserved.