FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ctanev1
Staff
Staff
Article Id 191545
Description
This article explains how to configure FortiClient to use FortiToken 300 for certificate authentication.

Solution
Certificates installed on FTK300 are the same as with local certificate for VPN in FortiClient.

Certificate itself has to have "Microsoft Smartcardlogin" extendedKeyUsage property, this it is possible to import it to token and MS Windows will consider the certificate as placed on SmartCard storage.

 If these certificate are made on FortiAuthenticator, then during creation check the box "Use certificate for Smart Card logon" on the bottom of the "Create New User Certificate" page.

When the certificate has "Microsoft Smartcardlogin", it will be visible in Windows Certificate Sore.

As initial checking it will be good the Certificates installed on FTK300 to be checked on Windows Certificate Sore.

If the certificate is visible in Windows Certificate Sore, it should be visible in FortiClient.

FortiToken docs:
https://docs.fortinet.com/product/fortitoken/5.0

FortiClient docs:
https://docs.fortinet.com/product/forticlient/6.2


Contributors