Created on 11-24-2005 12:00 AM Edited on 01-30-2024 02:48 AM By Kate_M
Description | This article describes a method of verifying that a certificate offered by a remote VPN device (FortiClient or FortiGate) is valid on the local VPN device (FortiGate). |
Scope |
- FortiGate units running FortiOS v2.80.
- FortiClient v2.0.
- Windows XP or 2003 Server. |
Solution |
Note: It is assumed that the certificates have already been imported into the respective devices. A Windows XP or 2003 Server will be used to perform the validation.

To validate a certificate:
1) Export the certificate from the remote FortiClient by going to VPN -> My Certificates -> Export. Use the file type .cer.
2) Export the CA Certificate from the local FortiGate unit by going to VPN -> Certificates -> Local Certificates and selecting Export for the selected certificate. Use the file type .cer.
3) Copy both .cer files to a Windows XP or Windows 2003 Server.
4) Select the remote certificate, and confirm that it cannot be verified. This confirms that the correct root certificate is not installed on that PC.
5) Select the CA Certificate (CA Root Certificate), and install it. Once installed, ensure that it is valid, by selecting it again.
6) Select the remote certificate, and confirm that it is valid and that the Certificate status is OK.
The root certificate can be removed from the Windows PC afterwards, using the MMC console. |
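
The same check as steps 4 to 6, done without installing the CA certificate into the Windows trust store, as an added PowerShell example that is not part of the original article. It assumes a Windows host with PowerShell 3.0 or later; `remote.cer` and `ca.cer` are placeholder names for the two exported files, and `Test-CertAgainstCa` is a function name made up for this example.

```powershell
# Added example: verify that the exported remote certificate chains to the
# exported CA certificate without changing any certificate store on the PC.
function Test-CertAgainstCa {
    param(
        [Parameter(Mandatory = $true)][string]$RemoteCertPath,
        [Parameter(Mandatory = $true)][string]$CaCertPath
    )
    $ns     = 'System.Security.Cryptography.X509Certificates'
    $remote = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $RemoteCertPath).Path
    $ca     = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CaCertPath).Path

    $chain = New-Object "$ns.X509Chain"
    # Offer the CA as a chain-building candidate only; it is not installed anywhere.
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)
    # Revocation is not part of the procedure above, and this check runs offline.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    # Allow the chain to build although the CA is not a trusted root on this PC.
    # Trust is decided below by comparing the top of the chain with the CA file.
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'

    # Build() still fails on an expired certificate or a bad signature.
    $built    = $chain.Build($remote)
    $count    = $chain.ChainElements.Count
    $top      = $null
    $anchored = $false
    if ($count -gt 1) {
        # Element 0 is the remote certificate; the last element is the chain top.
        $top      = $chain.ChainElements[$count - 1].Certificate
        $anchored = ($top.Thumbprint -eq $ca.Thumbprint)
    }

    [pscustomobject]@{
        Subject  = $remote.Subject
        Issuer   = $remote.Issuer
        NotAfter = $remote.NotAfter
        ChainTop = if ($top) { $top.Subject } else { '(no issuer found)' }
        Valid    = ($built -and $anchored)
        Status   = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Placeholder file names for the certificates exported in steps 1 and 2.
Test-CertAgainstCa -RemoteCertPath .\remote.cer -CaCertPath .\ca.cer
```

`Valid` is true only when the chain builds and ends at the supplied CA certificate; an `UntrustedRoot` entry in `Status` is expected here, because the CA was deliberately not installed on the PC.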