I don't understand why the CA certificate must be installed on the LDAP server. Why is it a prerequisite? As long as the FortiGate has the CA certificate, it has the public key that gives the FortiGate the ability to validate the server certificate that the LDAP server is providing. Do you have an idea why it is a prerequisite? Thanks
How did you get the server certificate @4:16?
I used FortiAuthenticator to create a CA cert and cert. You can use FortiAuthenticator, Windows CA, XCA etc. to create certificates
Really good video
Any benefit of using IPsec vs just SSL VPN?
Could you please make a video on certificate creation from FortiAuth.
You can create certificate with FortiAuthenticator by doing this:
1) Create CA first: Certificate Management > Certificate Authorities > Local CAs > Create New
2) Create Certificate signed by the CA: Certificate Management > End Entities > Create New
A stock Active Directory is configured to accept only LDAP (port 389) requests, and adding certs like you did will not make LDAPS requests work on port 636. You need to configure your AD to accept LDAPS requests, which you didn't show.
Yeah probably, I've had that server for many years so I must have missed a step. Drop a link/info if you've got anything to add, any info helps us all!!
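An added example (not from the video or from anyone in this thread) that shows the trust relationship discussed above: a lab CA signs a server certificate, and a verifier holding only the CA certificate, as the FortiGate does, validates it. It also wraps the live `openssl s_client` check against port 636 that tells you whether the directory server actually answers LDAPS with a chain the FortiGate's CA can validate. The CA name and the host name `dc01.lab.example` are made up; only the `openssl` CLI is required.

```shell
#!/bin/sh
# Added example: lab CA, CA-signed server cert, and validation with the CA
# cert alone. Names are constructed for the demo.
set -e
WORK=$(mktemp -d)

# Lab CA: self-signed root, the equivalent of "Local CAs > Create New".
# $1 = CA common name, $2 = file stem for the key/cert written to $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

# Server cert for the LDAP server, signed by the CA whose stem is $1
# (the equivalent of "End Entities > Create New").
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.lab.example" \
    -keyout "$WORK/dc.key" -out "$WORK/dc.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/dc.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/dc.pem" 2>/dev/null
}

# What the FortiGate does at connection time: chain the presented server
# cert ($2) back to a trusted CA cert ($1). Exit status 0 = chain valid.
# Only the CA's public certificate is needed, never the CA key.
verify_with_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Live check against a real directory server ($1 = host, $2 = CA cert).
# "Verify return code: 0 (ok)" means port 636 speaks TLS and the chain
# validates with the CA you loaded on the FortiGate. No output at all
# usually means the connection on 636 was refused, i.e. LDAPS is not
# enabled on the directory server yet.
check_ldaps_live() {
  printf '' | openssl s_client -connect "$1:636" -CAfile "$2" 2>/dev/null \
    | grep 'Verify return code'
}
```

Run `check_ldaps_live dc01.lab.example "$WORK/ca.pem"` (with your real host and the CA cert you uploaded to the FortiGate) to test the server end of the setup without touching the FortiGate.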