From 41e74427799b99884e1df0306bbc2fe379e7a0a1 Mon Sep 17 00:00:00 2001 From: admManuel Date: Tue, 13 Feb 2024 15:09:28 +0000 Subject: [PATCH] Add FortiNet/FortiAP.md --- FortiNet/FortiAP.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 FortiNet/FortiAP.md diff --git a/FortiNet/FortiAP.md b/FortiNet/FortiAP.md new file mode 100644 index 0000000..bb44c08 --- /dev/null +++ b/FortiNet/FortiAP.md @@ -0,0 +1,44 @@ +# Transfer CA-Certificate and Cert+Key to a FortiAccesspoint + +Before we can start, we need a TFTP Server that is accessible over Port 69 from the accesspoint itself. +All 3 files should be available on the TFTP Server's shared directory. In this example we have this 3 files: + +- mydomain-ca.pem +- device-cert.pem +- device-key.pem + +The TFTP servers IP-Adress will be this: + +- 192.168.55.2 + +Now we connect to the FortiAP via CLI and use this 3 commands to transfer the 3 files. + +```bash +### ca-Certificate +cw_diag -c wan1x get-ca-cert 192.168.55.2 mydomain-ca.pem + +### device-Certificate +cw_diag -c wan1x get-client-cert 192.168.55.2 device-cert.pem + +### device-Key +cw_diag -c wan1x get-private-key 192.168.55.2 device-key.pem +``` + +To check if the device is authorized or not, we can use the following command: + +```bash +cw_diag -c wan1x +``` + +The output should look something like this (**Port Status**): + +``` +WAN port 802.1x supplicant: + EAP methods : EAP-TLS + Username : dummy + PasswordENC : /PSkn0Jc5b4MeQBAmlMRfU6hsk3BSUR9wvVit0oaUBHoPjWhELAr+f736JosyqMi/InMTA1GXdUaF5D+spFoUx7caAkQYeHmYP3ZCu8nU9w/rqGd3fHiSuH7gPvzL8rk3aj/uaRjVN0/FPMJebAtR5PSzPQC66dLxyoLmJmzX6iIspb7bQl7aHQkMoVOB/qp0SUHbw== + CA CERT : Users + Client CERT : Users + Private Key : Users + Port Status : Authorized(selected method EAP-TLS) +``` \ No newline at end of file
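Review bot: The transfer steps in the new FortiAP.md fetch `device-key.pem` over TFTP (port 69) from a shared directory, and the document says nothing about protecting the private key in transit or on the server. TFTP has no authentication or encryption, so any host that can reach 192.168.55.2 or observe that network segment can read the key. Please add a note to run the transfer over an isolated management network, to restrict which hosts can reach the TFTP server, and to remove `device-key.pem` (ideally all three files) from the share as soon as `get-private-key` has completed. Separately, the sample `cw_diag -c wan1x` output contains a full `PasswordENC` value that appears to be copied from a device; replace it with a placeholder such as `<redacted>`, since only the `Port Status` line matters for the check. Minor: "this 3 files" should read "these 3 files", "IP-Adress" should read "IP address", "accesspoint" should be "access point", and the file is missing a trailing newline.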