Fortinet 282 FortiWeb 5.0 Patch 6 Administration Guide
4. To select a certificate, either:
• Enable SCEP and, in the field to the right of it, type the URL of the applicable Simple Certificate Enrollment Protocol server. (SCEP allows routers and other intermediary network devices to obtain certificates.)
  To specify a particular CA, type an identifier in the field below the URL.
• Enable Local PC and browse to find a certificate file.
5. Click OK.
6. To use the CA certificate when validating clients’ personal certificates, select it in a CA
certificate group, which is then selected in a certificate verification rule (see “Grouping
trusted CAs’ certificates” on page 282).
7. To test your configuration, cause your appliance to initiate a secure connection to an LDAPS
server (see “To configure an administrator remote authentication query group” on page 218).
If the query fails, verify that your CA is the same one that signed the LDAP server’s
certificate, and that its certificate’s extensions indicate that the certificate can be used to
sign other certificates. Verify that both the appliance and LDAP server support the same
cipher suites and SSL/TLS protocols. Also verify that your routers and firewalls are
configured to allow the connection.
See also
Configuring FortiWeb to validate client certificates
Grouping trusted CAs’ certificates
CAs must belong to a group in order to be selected in a certificate verification rule for PKI
authentication (see “Configuring FortiWeb to validate client certificates” on page 316).
To configure a CA certificate group
1. Before you can create a CA group, you must upload at least one of the certificate authority
(CA) certificates that you want to add to the group. For details, see “Uploading trusted CAs’
certificates” on page 280.
2. Go to System > Certificates > CA Group.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Admin Users category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
4. In Name, type a name that can be referenced by other parts of the configuration. Do not use
spaces or special characters. The maximum length is 35 characters.
5. Click OK.
[Screenshot residue: CA Group dialog controls Clear, Edit and Delete]