Secure connections and certificates Page 108 FortiRecorder 2.4.2 Administration Guide
5. Next to Certificate file, click the Browse button and select your CA’s certificate file.
6. Click OK.
Time required to upload the file varies by the size of the file and the speed of your network
connection.
7. To test your configuration, cause your appliance to initiate a secure connection to an LDAPS
server (see “To configure an LDAP query” and “To configure an account”).
If the query fails, verify that your CA is the same one that signed the LDAP server’s
certificate, and that its certificate’s extensions indicate that the certificate can be used to
sign other certificates. Verify that both the appliance and LDAP server support the same
cipher suites and SSL/TLS protocols. Also verify that your routers and firewalls are
configured to allow the connection.
See also
• Revoking certificates
• User management
Example: Downloading the CA’s certificate from Microsoft Windows 2003 Server
If you are generated and signed your LDAP server’s certificate using Microsoft Certificate
Services on Microsoft Windows 2003 or 2008 Server, you must download the CA’s certificate
and provide it to the FortiRecorder appliance so that it will be able to verify the CA signature on
the certificate.
To download a CA certificate from Microsoft Windows 2003 Server
1. On your management computer, start your web browser.
2. Go to:
https://<ca-server_ipv4>/certsrv/
where <ca-server_ipv4> is the IP address of your CA server.
3. Log in as Administrator.
Other accounts may not have sufficient privileges. The Microsoft Certificate Services home
page for your server’s CA should appear.
To Next Page
Loading...