user : Configuring users for authentication : Configuring peers for certificate authentication
 
Configuring peers for certificate authentication
If your FortiGate unit will host IPSec VPNs that authenticate clients using certificates, you need to prepare for certificate authentication as follows:
1. Import the CA certificates for clients who authenticate with a FortiGate unit VPN using certificates.
See vpn certificate ca.
2. Enter the certificate information for each VPN client (peer).
See user peer.
3. Create peer groups, if you have VPNs that authenticate by peer group. Assign the appropriate peers to each peer group.
See user peergrp.