Pki - Fortinet FortiGate Series Administration Manual

PKI

PKI
664
You can enter information for up to five collector agents.
To add a new Directory Service server, go to User > Directory Service, select Create New,
and enter or select the following:
Figure 412: Directory Service server configuration
Name Enter the name of the Directory Service server. This name appears in the list of
Directory Service servers when you create user groups.
FSAE Collector Enter the IP address or name of the Directory Service server where this
collector agent is installed. The maximum number of characters is 63.
IP/Name
Port Enter the TCP port used for Directory Service. This must be the same as the
FortiGate listening port specified in the FSAE collector agent configuration.
Password Enter the password for the collector agent. This is required only if you
configured your FSAE collector agent to require authenticated access.
LDAP Server Select the check box and select an LDAP server to access the Directory
Service.
Public Key Infrastructure (PKI) authentication utilizes a certificate authentication library
that takes a list of peers, peer groups, and/or user groups and returns authentication
successful or denied notifications. Users only need a valid certificate for successful
authentication—no user name or password are necessary. Firewall and SSL VPN are the
only user groups that can use PKI authentication.
For more information about certificate authentication, see the
Management User Guide. For information about the detailed PKI configuration settings
available only through the CLI, see the
To view the list of PKI users, go to User > PKI.
FortiGate Certificate
FortiGate CLI Reference.
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
User
01-410-89802-20090903
• Feedback