Authenticating administrators with security certificates
You can install a certificate on the management computer to support strong authentication for administrators. When a personal certificate is installed on the management computer, the FortiGate unit processes the certificate after the administrator supplies a username and password.
To enable strong administrative authentication:
• Obtain a signed personal certificate for the administrator from a CA and load the signed personal certificate into the web browser on the management computer according to the browser documentation.
• Create a PKI user account for the administrator.
• Add the PKI user account to a firewall user group dedicated to PKI-authenticated administrators.
• In the administrator account configuration, select PKI as the account Type and select the User Group to which the administrator belongs.