UPDATED – Certificate Pinning your SSL VPN with Microsoft CA and Fortigate Forticlient Using 'user' certificates

Customer wanted to ONLY allow trusted devices (owned by the customer) to connect using the 'Full Access' VPN portal. They wanted to use certificates issued from their Windows CA server and pushed down to the PC via GPO. If the user leaves the organization or the device is lost or stolen, the customer wanted to use OCSP (Online Certificate Status Protocol) to revoke the cert.

- Two VPN Portals (WebPortal and Full Access)
- AD Integrated CA services to deploy certificates (Non-Exportable)
- OCSP to revoke certificates
- Microsoft CA Certificate
- Optional – User certificates to be automatically assigned to users based on AD Groups

If you are going to use Microsoft CA services for this configuration, you will obviously need to have it installed in your Windows environment. I recommend having a dedicated CA server in a production environment, but since mine is a lab, I need to save cycles, RAM and storage. You can enable the role on an existing server or spin up a new one.

You will need 2 Certificates for this configuration: the CA certificate and a user certificate for each user.