Description
PKI authentication is the methodology used to verify the identity of a user by checking the validity of the certificate bound to that user. It is an alternative to traditional password based authentication. The traditional method is based on “what you know” – the password, while PKI authentication is based on “what you have” – the private key related to the certificate. A common weakness of traditional password based authentication is the vulnerability to password guessing or brute force attack. PKI authentication is more resilient to this type of attack hence provides a stronger authentication mechanism in this sense.
The attached document discusses PKI Authentication For FortiMail Web Mail Access.
Table of Contents
Introduction
Step 1: Generate the required certificates
Step 2: Import the CA certificate on FortiMail
Step 3: Create local domain and users
Step 4: Create PKI users
Step 5: Configure policies to enable PKI authentication
Step 6: Enable PKI authentication globally on CLI
Step 7: Test PKI authentication
Appendix: Generate User Certificates with MS CA
