PKI or peer users
A PKI, or peer user, is a digital certificate holder. A PKI user account on the FortiGate unit contains the information required to determine which CA certificate to use to validate the user’s certificate. Peer users can be included in firewall user groups or peer certificate groups used in IPsec VPNs. For more on certificates, see Certificates overview on page 523.
To define a peer user you need:
- a peer username
- the text from the subject field of the user’s certificate, or the name of the CA certificate used to validate the user’s certificate
Creating a peer user
The peer user can be configured only in the CLI.
To create a peer user for PKI authentication – CLI example:
config user peer edit peer1
set subject firstname.lastname@example.org set ca CA_Cert_1
There are other configuration settings that can be added or modified for PKI authentication. For example, you can configure the use of an LDAP server to check access rights for client certificates. For information about the detailed PKI configuration settings, see the FortiGate CLI Reference.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!