
Fortinet Gate 60D - Configuring PKI Certificate Authentication for Administrators

Fortinet Gate 60D
706 pages
Administrators System Admin
FortiGate Version 4.0 Administration Guide
220 01-400-89802-20090424
http://docs.fortinet.com/Feedback
3 Enter or select the following:

Administrator: A name that identifies the administrator.
Type: Remote.
User Group: The user group that includes the TACACS+ server as a member.
Wildcard: Select to allow all accounts on the TACACS+ server to be administrators.
Password: The password the administrator uses to authenticate. Not available if Wildcard is enabled.
Confirm Password: The re-entered password that confirms the original entry in Password. Not available if Wildcard is enabled.
Admin Profile: The admin profile to apply to the administrator.

4 Configure additional features as required. For more information, see “Configuring an administrator account” on page 212.
5 Select OK.

Configuring PKI certificate authentication for administrators

Public Key Infrastructure (PKI) authentication uses a certificate authentication library that takes a list of peers, peer groups, and user groups and returns authentication successful or denied notifications. Users only need a valid certificate for successful authentication; no username or password is necessary.

If you want to use PKI authentication for an administrator, you must configure the authentication before you create the administrator accounts. To do this you need to:
- configure a PKI administrator to be included in the user group
- create a user group.

To view the PKI user list, go to User > PKI.

Figure 113: Example PKI user list

Create New: Add a new PKI user.
Name: The name of the PKI user.
Subject: The text string that appears in the subject field of the certificate of the authenticating user.
CA: The CA certificate that is used to authenticate this user.
Delete icon: Delete this PKI user.
Edit icon: Edit this PKI user.

To configure a PKI user
1 Go to User > PKI.
2 Select Create New, or select the Edit icon beside an existing PKI user.
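
The following Python sketch is an added example, not code from the guide or from Fortinet. It models PKI user entries by the Name, Subject and CA fields listed above, reports which entries would accept a presented certificate, and flags entries that are broader than intended. The guide does not say how the Subject text is compared, so the two comparison modes, the function names and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PkiUser:
    name: str     # "Name": the name of the PKI user
    subject: str  # "Subject": text expected in the certificate's subject field
    ca: str       # "CA": CA certificate used to authenticate this user

@dataclass(frozen=True)
class PresentedCert:
    subject: str    # subject field of the certificate being presented
    issued_by: str  # CA certificate it validated against

def accepts(user, cert, contains=True):
    """Model only (assumption): the guide does not say how Subject is compared,
    so a containment comparison (contains=True) and an exact one are offered."""
    if not user.ca or cert.issued_by != user.ca:
        return False
    if contains:
        return user.subject in cert.subject
    return user.subject == cert.subject

def matching_users(users, cert, contains=True):
    """Names of all PKI users whose entry accepts the presented certificate."""
    return [u.name for u in users if accepts(u, cert, contains)]

def audit(users):
    """Flag entries that could admit more certificates than intended."""
    findings = []
    for u in users:
        if not u.ca:
            findings.append((u.name, "no CA selected"))
        if not u.subject.strip():
            findings.append((u.name, "empty Subject"))
            continue
        for o in users:
            if o.ca == u.ca and u.subject != o.subject and u.subject in o.subject:
                findings.append((u.name, "Subject is contained in the Subject of " + o.name))
    return findings

# Constructed sample entries and certificate, not taken from the guide.
USERS = [
    PkiUser("pki_alice", "CN=alice", "Example_CA"),
    PkiUser("pki_alice_lab", "CN=alice-lab", "Example_CA"),
    PkiUser("pki_blank", "", "Example_CA"),
]
CERT = PresentedCert("CN=alice-lab", "Example_CA")

if __name__ == "__main__":
    print(matching_users(USERS, CERT), matching_users(USERS, CERT, contains=False))
    for name, finding in audit(USERS):
        print(name, "->", finding)
```

Because no username or password is involved, the Subject and CA values are all that tie a certificate to a PKI user, so any entry the audit flags is worth tightening before it is added to an administrator's user group.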