Sunday, October 11, 2015

Importing a PKCS format certificate into Windows (FortiClient)

In this blog we will look at the general steps for importing a PKCS-encoded certificate into a Windows system. The steps are very similar across all of the Windows OS versions.

Windows uses PKCS specifically, whereas most open source and Unix systems require PEM encoding. Keep this in mind when handling user certificates for VPN access.

In my case, my certificates are already in PKCS format. You can tell that a certificate is in PKCS format if it is binary data.

e.g. (using openssl)




Note: the openssl command openssl pkcs12 -in cert_name_here.p12 -info -nokeys is a good way to gain information on a certificate.


Now here are the steps used to import a certificate using the Windows certificate manager. The certificate manager is simple to use and very reliable.


Step 1: Start the certificate manager by typing certmgr.msc from a Windows cmd prompt or by double-clicking a pkcs12 certificate. Take heed of the supported certificate types.



Step 2: Type the passphrase for the certificate. If you select "export", this will let you save and export the certificate if you ever need to move it to a different host.



Step 3: Windows manages storage quite well, but you can manually override the automatic storage by selecting a location. "User" certificates should go under Personal > Certificates, and others by their intended purpose or system purpose. A certificate installed for a user is readable by just that user, whereas an admin has rights to all certificates.







Step 4: If you have a self-signed certificate, be aware of the warning about the lack of a CA trust chain.





If the certificate was imported with no errors, you will get a success dialog window. After a restart of FortiClient, the certificates will be available.
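
The same four steps scripted in PowerShell, as an added example that is not part of the original post. It assumes the PKI module cmdlets Get-PfxData and Import-PfxCertificate are available on the host; the file name is the placeholder from the openssl note, and the -Exportable switch on the script is a name chosen here.

```powershell
# Added example, not from the original post. File name is a placeholder.
param(
    [string]$PfxPath = '.\cert_name_here.p12',   # placeholder path, as in the openssl note
    [switch]$Exportable                          # same effect as selecting "export" in step 2
)

$ErrorActionPreference = 'Stop'

# Step 2: ask for the passphrase without echoing it or leaving it in shell history.
$pass = Read-Host -Prompt "Passphrase for $PfxPath" -AsSecureString

# Inspect before importing (comparable to: openssl pkcs12 -in ... -info -nokeys).
$pfx = Get-PfxData -FilePath $PfxPath -Password $pass
foreach ($c in $pfx.EndEntityCertificates) {
    '{0}  issuer={1}  expires={2:yyyy-MM-dd}' -f $c.Subject, $c.Issuer, $c.NotAfter
    # Step 4: a self-signed certificate has no CA chain for Windows to validate.
    if ($c.Subject -eq $c.Issuer) {
        Write-Warning "Self-signed certificate: $($c.Thumbprint)"
    }
}

# Step 3: user certificates go under Personal > Certificates (Cert:\CurrentUser\My).
$importArgs = @{
    FilePath          = $PfxPath
    CertStoreLocation = 'Cert:\CurrentUser\My'
    Password          = $pass
}
# Leave the private key non-exportable unless the caller explicitly asks for it.
if ($Exportable) { $importArgs.Exportable = $true }
$imported = Import-PfxCertificate @importArgs

# Confirm the certificate landed in the store together with its private key.
$stored = Get-Item -Path "Cert:\CurrentUser\My\$($imported.Thumbprint)"
if (-not $stored.HasPrivateKey) {
    Write-Warning 'Imported without a private key; it cannot authenticate a VPN client.'
}
$stored | Format-List Subject, Issuer, NotAfter, Thumbprint, HasPrivateKey
```

Run it as the user who will own the certificate, since the target store is that user's Personal store.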



Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
