I need some help to configure SSL VPN with certificate authentication only, but for the computer, not users.
I share with you my config.
The log is:
I've never seen this setup before, so let me ask you this:
How are the devices presenting the certificate to the FortiClient, to connect to the VPN?
Because the PKI user needs to be an actual user who is going to select the certificate on the client to present it to the firewall, as a means of authentication.
I need just to authenticate with the computer certificate.
I don't believe FortiGate supports this kind of setup.
The SSL VPN is for remote users, not devices. You have some ways to whitelist devices that can connect to the VPN, but you'll always need a user.
- machine certificate authentication is principally possible
- FortiGate needs to be set up for authentication, and you should make sure that ALL machine certificates match the 'user peer' you have defined
-> as your 'user peer' set-up is right now, any certificate issued by the 'dom-SRVAD-CA' certificate would be accepted
Please note that users, when establishing the VPN, will need to manually select the machine certificate in the drop-down menu FortiClient offers.
A guide to SSLVPN with certificate authentication:
A guide to allowing machine certificates to be used: