FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Description This article explains how to ensure that FortiClients can use certificates from Local machine certificate store for authentication with SSLVPN.
Solution FortiClient can use certificates as the only, or as an additional method of authentication when connecting to an SSLVPN gateway. In some instances, it can be desirable to use machine certificates in that connection, not user certificates.
FortiClient allows certificates from Local machine certificate store to be used. However, some configuration and permissions need to be set:
1) The user account FortiClient is running under needs permission to access the Local machine certificate store.
2) The certificate is visible for selection in the VPN connection settings if proper permissions are set.
3) The VPN connection needs to have usage of Local machine certificate store explicitly enabled. This can be done by modifying the FortiClient configuration as follows:
- Export the FortiClient backup from the 'Settings’ menu.
- Open the resulting file in a text editor. The FortiClient configuration is laid out as an XML file.
