Description
This article describes how to use own certificates for the FortiAuthenticator API and administrative access.
It also shows how to set up Microsoft Windows Agent and Outlook Web Access Agent to verify the server (FortiAuthenticator) certificate.
Scope
Microsoft Windows Agent
Outlook Web Access Agent
Solution
On the FortiAuthenticator, import own certificates via GUI:
Go to: Certificate Management -> End Entities -> Local Services
Import server certificate issued for FortiAuthenticator
On Outlook Web Access Agent:
This article describes how to use own certificates for the FortiAuthenticator API and administrative access.
It also shows how to set up Microsoft Windows Agent and Outlook Web Access Agent to verify the server (FortiAuthenticator) certificate.
Scope
Microsoft Windows Agent
Outlook Web Access Agent
Solution
On the FortiAuthenticator, import own certificates via GUI:
Go to: Certificate Management -> End Entities -> Local Services
Import server certificate issued for FortiAuthenticator
Go to: Certificate Management -> Certificate Authorities -> Trusted CAs
Import CA certificate which issued the above-mentioned server certificate
Then, set up newly imported certificates for the API and administrative access:
Go to: System -> Administration -> System Access
- HTTPS Certificate (select imported server certificate)
- CA certificate that issued the server certificate (select imported CA certificate which issued server certificate)
Go to: System -> Administration -> System Access
- HTTPS Certificate (select imported server certificate)
- CA certificate that issued the server certificate (select imported CA certificate which issued server certificate)
Setting up verification of server certificate on FAC agents:
On Microsoft Windows Agent:
Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC
1) Go to: Agent configuration -> General
1) Go to: Agent configuration -> General
2) Click on 'Configure'
3) A new window will open. Go to: General
4) Check the option 'Verify Server Certificate'
4) Check the option 'Verify Server Certificate'
Fill out the 'Server Subject Name' (needs to match with the server certificate issued for FortiAuthenticator)
Download the CA certificate which issued the FortiAuthenticator’s server certificate to the PC
1) Go to: Agent configuration > General
2) Check the option 'Verify Server Certificate'
Fill out the 'Server Subject Name' (needs to match with the server certificate issued for FortiAuthenticator)
Select the path where the CA certificate was downloaded for the 'CA Certificate file'
1) Go to: Agent configuration > General
2) Check the option 'Verify Server Certificate'
Fill out the 'Server Subject Name' (needs to match with the server certificate issued for FortiAuthenticator)
Select the path where the CA certificate was downloaded for the 'CA Certificate file'
