NSA Suite B cryptography support
FortiOS supports the use of ECDSA Local Certificates for SSL VPN Suite B. The National Security Agency (NSA) developed Suite B algorithms in 2005 to serve as a cryptographic base for both classified and unclassified information at an interoperable level.
FortiOS allows you to import, generate, and use ECDSA certificates defined by the Suite B cryptography set. To generate ECDSA certificates, use the following command in the CLI:
exec vpn certificate local generate ec
See Also
| FortiOS supports LDAP password renewal notification and updates through SSL VPN. Configuration is enabled using the CLI commands: config user ldap edit <username> set password-expiry-warning enable set password-renewal enable end For more information, see the Authentication chapter of The Handbook. |