This is a detailed guide on how to configure an SSL VPN with certificate authentication on a FortiGate. We will be using OpenSSL to generate the CA and certificates.

Generate the CA or root certificate (Certificate Authority)

You will need to generate a root certificate to sign the Server and Client certificates. You will need to install the CA and Server Certificate on the FortiGate and the Client PKCS#12 certificate on the end user computer where the FortiClient VPN application is installed. This will create a chain of trust called public key infrastructure (PKI).

1.1 Create the directories to hold the CA certificate.

The CA needs a few additional files to operate, one to keep track of the last serial number used by the CA, and another file to record which certificates have been issued:

```
sudo sh -c "echo '01' > /etc/ssl/CA/serial"
```

1.3 Edit the config file – nano /etc/ssl/openssl.cnf

This specifies the file locations for OpenSSL.

```
dir = /etc/ssl                           # Where everything is kept
database = $dir/CA/index.txt             # database index file.
certificate = $dir/certs/cacert.pem      # The CA certificate
serial = $dir/CA/serial                  # The current serial number
private_key = $dir/private/cakey.pem     # The private key
```
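The CA directory layout and bookkeeping files described above, as an added shell example that is not part of the original guide: it creates the tree the openssl.cnf paths point at and checks it before any key is generated. The function names, the `CA_ROOT` variable (a scratch directory by default instead of `/etc/ssl`) and the `chmod 700` on `private/` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Assumption: CA_ROOT defaults to a scratch directory; the guide uses /etc/ssl.

init_ca_tree() {
    root=$1
    mkdir -p "$root/CA" "$root/certs" "$root/private" || return 1
    # Assumption: only the owner may enter the directory that will hold cakey.pem.
    chmod 700 "$root/private" || return 1
    # Never reset an existing serial: starting again at 01 would make the CA
    # issue a second certificate with a serial number it has already used.
    [ -s "$root/CA/serial" ] || echo '01' > "$root/CA/serial"
    # The index starts empty; it records the certificates the CA has issued.
    [ -e "$root/CA/index.txt" ] || : > "$root/CA/index.txt"
}

check_ca_tree() {
    root=$1
    rc=0
    # Files named by the "serial" and "database" settings.
    for f in CA/serial CA/index.txt; do
        [ -f "$root/$f" ] || { echo "missing file: $root/$f" >&2; rc=1; }
    done
    # Directories that will receive cacert.pem and cakey.pem.
    for d in certs private; do
        [ -d "$root/$d" ] || { echo "missing dir: $root/$d" >&2; rc=1; }
    done
    # Compare the permission string rather than calling stat, whose
    # options differ between GNU and BSD systems.
    mode=$(ls -ld "$root/private" 2>/dev/null | cut -c1-10)
    [ "$mode" = "drwx------" ] || {
        echo "private/ has mode '$mode', expected drwx------" >&2
        rc=1
    }
    return $rc
}

CA_ROOT=${CA_ROOT:-$(mktemp -d)}
init_ca_tree "$CA_ROOT" && check_ca_tree "$CA_ROOT" && echo "CA tree ready in $CA_ROOT"
```

To apply the same layout to the guide's location, run it as root with `CA_ROOT=/etc/ssl`.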