matchelo
New Contributor II

SSL VPN with LDAP authentication

Hi everyone. I need to configure SSL VPN with LDAP authentication.

Is it obligatory to generate a certificate from my Windows server, or to use the built-in certificate of the FortiGate, or to buy a certificate for my VPN connection?

Please help.

Umer221
Staff

Hello @matchelo

You have 3 options:

1. Generate a Certificate from Windows Server: You can generate and export a CA certificate from your Windows Server and import it into the FortiGate for SSL VPN authentication.

2. Use the Built-in Certificate of FortiGate: FortiGate provides a default self-signed certificate that you can use for SSL VPN. However, it is recommended to use a trusted CA certificate for better security.

3. Buy a Certificate for VPN Connection: You can purchase a certificate from a trusted Certificate Authority (CA) for your VPN connection. This option provides the highest level of security and trust for your SSL VPN setup.

FredPaul
New Contributor III

4. Install a Let's Encrypt certificate, which is a trusted CA and free. It's as secure as a paid certificate, and supports automatic renewal through the ACME protocol.

The main issue with using a built-in or self-signed certificate is that you'll get a certificate warning unless you install the root certificate to your trusted root certificate store. Also, renewal is a very manual job.

And regarding option 1, you can generate a certificate from a Linux computer too, just saying :)

-Fredrik
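
Added example (not part of the original thread, and not Fortinet's own tooling): the script below reproduces the trust behaviour discussed in the replies, using the `openssl` command line on a Linux host. It builds a throwaway internal CA and a server certificate, then shows that the certificate only verifies once the internal root is supplied as a trust anchor, and checks how close the certificate is to expiry. The CA name, the hostname `vpn.example.test` and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: the CA name and hostname below are placeholders.

# Build a throwaway internal CA and a server certificate signed by it in $1.
make_demo_pki() {
    dir="$1"
    # Self-signed root, standing in for a Windows- or Linux-hosted internal CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example-Internal-CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Key and signing request for the VPN portal hostname
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    # The internal CA signs the request
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -out "$dir/srv.crt" 2>/dev/null || return 1
}

# Print "trusted" or "warning" for certificate $1, as a client would decide.
# $2 is an optional root certificate the client has installed as trusted.
client_verdict() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi && echo trusted || echo warning
}

# Succeed (exit 0) if certificate $1 expires within $2 days.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo run in a temporary directory
d=$(mktemp -d) && make_demo_pki "$d" && {
    echo "server cert, root not installed: $(client_verdict "$d/srv.crt")"
    echo "server cert, root installed:     $(client_verdict "$d/srv.crt" "$d/ca.crt")"
    expires_within_days "$d/srv.crt" 60 && echo "renewal due within 60 days"
}
rm -rf "$d"
```

The same `expires_within_days` check can be pointed at an exported copy of whichever certificate the VPN portal presents, so a manually renewed certificate does not lapse unnoticed.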