Table of Contents
Advertisement
IPSec VPN
Managing digital certificates
Obtaining a signed local certificate
FortiGate-60R Installation and Configuration Guide
Figure 22: Adding a phase 2 configuration
Digital certificates are used to ensure that both participants in an IPSec
communications session are trustworthy, prior to an encrypted VPN tunnel being set
up between the participants.
Fortinet uses a manual procedure to obtain certificates. This involves copying and
pasting text files from your local computer to the certificate authority, and from the
certificate authority to your local computer.
•
Obtaining a signed local certificate
•
Obtaining a CA certificate
Note: Digital certificates are not required for configuring FortiGate VPNs. Digital certificates are
an advanced feature provided for the convenience of system administrators. This manual
assumes the user has prior knowledge of how to configure digital certificates for their
implementation.
The signed local certificate provides the FortiGate unit with a means to authenticate
itself to other devices.
Note: The VPN peers must use digital certificates that adhere to the X.509 standard.
Managing digital certificates
189
Advertisement
Table of Contents
