Technical Tip: SSL/TLS and the use of Digital Cert...

Markus_M · 09-10-2025

Description This article describes FTP communication through FortiProxy and the required Syntax with CURL. Scope FortiProxy may also be applicable for FortiGate to some extent. Solution CURL is a versatile command-line program available for Linux and...

Markus_M · 07-07-2025

Description This article describes general troubleshooting and considerations when deploying the FortiAuthenticator to handle FSSO operation in high-performance environments. Scope FortiAuthenticator is used as an FSSO Collector. Solution Table of co...

Markus_M · 11-04-2024

Description This article describes an example use case for certmonger and the FortiAuthenticator as SCEP server. Note that certmonger is a third party tool and not endorsed by Fortinet. Its documentation can be found here:https://www.freeipa.org/page...

Markus_M · 09-05-2024

Description This article describes the general setup on an SMS gateway. It links to a few more specific setups as well. It intends to expand the documentation on the administration guide: SMS Gateway documentation Note that this does not include the ...

Markus_M · 09-21-2023

Description This article describes best practices for hardening environments with the FortiAuthenticator. It may in parts be true for other installations. Scope FortiAuthenticator all versions. FortiGate configuration is referred to in parts. Solutio...

Markus_M · 12-01-2025

rootCA - no chance. FortiAuthenticator can send it, if all intermediates and root CA are already imported.The client though won't care though - the rootCA is required to be on the client already. Importing the certificate is of course not the solutio...

Markus_M · 11-25-2025

Hey, on this here: "Verify return code: 20 (unable to get local issuer certificate)" means basically that the FortiAuthenticator sends a certificate that the client (OpenSSL) is unable to verify the chain for. It may or may not have a root CA, but th...

Markus_M · 11-20-2025

Hey Chris, you've been digging to get to this old post, haven't you? https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-dial-up-tunnel-using-IKEv2-with-FortiToken/ta-p/382760 Push notification over dial-up IKEv2 is supported only startin...

Markus_M · 11-19-2025

Also make sure the fw policy is using the VIP object. I don't see what "pasvr_web1" actually is, but it must be the VIP.

Markus_M · 10-14-2025

Then you may need to re-check what you created and uploaded, what the switch and firmware is. It works fine for me on a FortiSwitch. I can select the certificate in the SSL config as GUI HTTPS certificate.

User Statistics

User Activity

Technical Tip: Explicit FTP proxy communication with CURL through FortiProxy

Technical Tip: FSSO performance optimization for FortiAuthenticator as collector

Technical Tip: Example of use of certmonger and FortiAuthenticator as SCEP server.

Technical Tip: General SMS Gateway configuration for OTP or second factor authentication

Technical Tip: Best practices on hardening FortiAuthenticator environments

Re: Apple Devices with Captive Portal

Re: Apple Devices with Captive Portal

Re: FortiToken Mobile Push with IPsec VPN

Re: Traffic arrives at Virtual Server but seems to just blackhole

Re: Uploaded SSL certificate self signed missing on FortiSwitch

Technical Tip: SSL/TLS and the use of Digital Cert...

Technical Tip: Best practices on hardening FortiAu...

Technical Tip: Configuring DPD (dead peer detectio...

Technical Tip: FSSO performance optimization for F...

Technical Tip: DHCP address leases on a FortiGate

Re: 802.1X Wireless Machine Certificate based RADI...

Re: LDAP cert Configuration error

Re: UNABLE TO ACCESS MY GATEWAY VIA WEB GUI OR SSH

Re: FortiAuthenticator Guest Captive Portal Cannot...

Re: Detailed Specifications of 　File System Check ...

KCS

User Statistics

User Activity

You are leaving our website