Authenticating administrators with security certificates

Chapter 3 Authentication for FortiOS 5.0 : Certificate-based authentication : Configuring certificate-based authentication : Authenticating administrators with security certificates

You can install a certificate on the management computer to support strong authentication for administrators. When a personal certificate is installed on the management computer, the FortiGate unit processes the certificate after the administrator supplies a username and password.

To enable strong administrative authentication:

• Obtain a signed personal certificate for the administrator from a CA and load the signed personal certificate into the web browser on the management computer according to the browser documentation.

• Install the root certificate and the CRL from the issuing CA on the FortiGate unit (see “Installing a CA root certificate and CRL to authenticate remote clients”).

• Create a PKI user account for the administrator.

• Add the PKI user account to a firewall user group dedicated to PKI-authenticated administrators.

• In the administrator account configuration, select PKI as the account Type and select the User Group to which the administrator belongs.