Certificate
You can increase security by requiring both certificate and password authentication for PKI users. Certificates are installed on the user’s computer. Requiring a password also protects against unauthorized use of that computer.
Optionally peer users can enter the code from their FortiToken instead of the certificate.
To create a peer user with two-factor authentication - CLI example
config user peer
edit peer1
set subject E=peer1@mail.example.com
set ca CA_Cert_1
set two-factor enable
set passwd fdktguefheygfe
end
For more information on certificates, see
“Certificates overview”.