Hello everyone, we have SSL VPN with CA. The client wants to create a new group of users in their FortiAuthenticator, and they want the newly created group of users to have no CA. Is this possible in FortiGate, given that the CA is enabled in the FortiGate VPN settings? I think it is not; can you please confirm?
The certificate is tied to the VPN configuration itself. Anyone connecting to the FortiGate will use that cert.
This… “Require Client Cert” is a global SSL-VPN setting. You can not mix Cert-Required and Cert-Not-Required clients. You would need to actually program a whole separate VDOM for that.
Take a look at the top comment thread on this one:
> You can not mix Cert-Required and Cert-Not-Required clients.
Yes you can. Leave the global setting disabled and require certificates in the specific authentication rule.
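
The per-rule approach from the last reply, sketched as a FortiOS CLI fragment. This is an added example, not configuration posted by anyone in the thread; the group names, portal name and rule IDs are placeholders to replace with your own.

```fortios
config vpn ssl settings
    # Global "Require Client Certificate" stays off so that the
    # decision is made per authentication rule instead.
    set reqclientcert disable
    config authentication-rule
        edit 1
            # Existing users: client certificate still required.
            # "VPN-Cert-Users" is a placeholder group name.
            set groups "VPN-Cert-Users"
            set portal "full-access"
            set client-cert enable
        next
        edit 2
            # New FortiAuthenticator group: no client certificate.
            # "VPN-NoCert-Users" is a placeholder group name.
            set groups "VPN-NoCert-Users"
            set portal "full-access"
            set client-cert disable
        next
    end
end
```

With the global setting disabled, every rule that does not set `client-cert enable` accepts logins without a certificate, so review all existing authentication rules after the change rather than only the new one.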