FortiClient
Article Id 197992

Description

This article describes a method of verifying that a certificate offered by a remote VPN device (FortiClient or FortiGate) is valid on the local VPN device (FortiGate).
Scope

- FortiGate units running FortiOS v2.80.

- FortiClient v2.0.

- Windows XP or 2003 Server.

Solution

Note: It is assumed that the certificates have already been imported into the respective devices. A Windows XP or 2003 Server will be used to perform the validation.

To validate a certificate:

1) Export the certificate from the remote FortiClient by going to VPN -> My Certificates -> Export. Use the file type .cer.

2) Export the CA certificate from the local FortiGate unit by going to VPN -> Certificates -> Local Certificates and selecting Export for the certificate in question. Use the file type .cer.

3) Copy both .cer files to a Windows XP or Windows 2003 Server.

If a Windows 2003 Server is used, ensure that it is not the server that signed these units' certificate request(s); that is, it must not be the issuing Certificate Authority, because a CA already trusts its own root certificate and the check in step 4 would then prove nothing.

4) Select the remote certificate and confirm that it cannot be verified. This confirms that the corresponding root certificate is not yet installed on that PC.

5) Select the CA certificate (the CA root certificate) and install it. Once installed, select it again and confirm that it is valid: the certificate is displayed as OK.

6) Select the remote certificate again and confirm that it is now valid and that the Certificate status is OK.

If it is still not valid, there is a mismatch between the two (the remote certificate does not chain to this CA), and the pair will not work in a VPN environment.

The root certificate can afterwards be removed from the Windows PC using the MMC console.
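The same three-way check behind steps 4 to 6 (no root installed, the correct root, a mismatched root) can be reproduced offline without a Windows PC. The following Go program is an added example, not part of this article or of any Fortinet product: it constructs a throwaway lab CA and peer certificate in place of the real .cer exports, so the names "Lab VPN CA", "forticlient-user" and "Unrelated CA" are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes cn's certificate: a self-signed CA when parent is nil, else an end-entity cert signed by parent.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root: it signs itself and is allowed to sign others
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // cert.Raw is the DER that a .cer export holds
	return cert, key
}

// VerifyPeer is the check behind steps 4 to 6: chain the peer .cer (DER bytes) to root and nothing else.
// root == nil reproduces step 4 (no root installed yet); a nil result is "Certificate status OK".
func VerifyPeer(peerDER []byte, root *x509.Certificate) error {
	peer, err := x509.ParseCertificate(peerDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool() // empty pool: the system trust store is deliberately ignored
	if root != nil {
		roots.AddCert(root)
	}
	_, err = peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func Demo() (noRoot, rightRoot, wrongRoot error) {
	ca, caKey := issue("Lab VPN CA", 1, nil, nil)      // constructed root, stands in for the FortiGate CA export (step 2)
	peer, _ := issue("forticlient-user", 2, ca, caKey) // constructed peer cert, stands in for the FortiClient export (step 1)
	other, _ := issue("Unrelated CA", 3, nil, nil)     // a CA that never issued the peer certificate (the mismatch case)
	return VerifyPeer(peer.Raw, nil), VerifyPeer(peer.Raw, ca), VerifyPeer(peer.Raw, other)
}
```

Only the first check that returns a non-nil error for the right root indicates a real mismatch; the other two are expected to fail, exactly as the article describes for step 4 and for a certificate pair that does not belong together.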