User PKI
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 665
http://docs.fortinet.com/
Figure 413: Example PKI User list
Configuring peer users and peer groups
You can define peer users and peer groups used for authentication in some VPN
configurations and for PKI certificate authentication in firewall policies.
A peer user is a digital certificate holder that can use PKI authentication. Before using PKI
authentication, you must define peer users to include in the user group that is incorporated
into the firewall authentication policy.
To define a peer user, you need:
• a peer user name
• the text from the subject field of the certificate of the authenticating peer user, or the
CA certificate used to authenticate the peer user.
You can add or modify other configuration settings for PKI authentication. For more
information, see the FortiGate CLI Reference.
To create a peer user for PKI authentication, go to User > PKI, select Create New, and
enter the following:
Name: The name of the PKI user.
Subject: The text string that appears in the subject field of the certificate of the
authenticating user.
CA: The CA certificate that is used to authenticate this user.
Delete icon: Delete this PKI user. The delete icon is not available if the peer user
belongs to a user group; remove it from the user group first.
Edit icon: Edit this PKI user.
Caution: If you use the CLI to create a peer user, Fortinet recommends that you enter a
value for either subject or ca. If you do not do so, and then open the user record in the
web-based manager, you will be prompted to enter a subject or ca value before you can
continue.
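The CLI equivalent of the web-based manager steps above, as an added example that is not taken from this guide: one peer user is matched on its certificate subject and one on its issuing CA, and both are placed in a peer group. The peer names, the subject string, the group name and the CA certificate name CA_Cert_1 are placeholders, and the command syntax is assumed from the FortiGate CLI Reference.

```text
config user peer
    edit "pki_alice"
        # Subject-based peer: the text must match the subject field of the
        # certificate the user presents (placeholder subject)
        set subject "CN=alice, O=Example Corp"
    next
    edit "pki_corp_ca"
        # CA-based peer: any certificate issued by this imported CA certificate
        # (placeholder CA certificate name) authenticates as this peer
        set ca "CA_Cert_1"
    next
end

config user peergrp
    edit "pki_group"
        # Both peers must exist before they can be added as members
        set member "pki_alice" "pki_corp_ca"
    next
end
```

Each peer entry sets either subject or ca, which avoids the prompt described in the Caution when the record is later opened in the web-based manager.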