Add FortiNet/FortiAP.md

2024-02-13 15:09:28 +00:00
parent a02a176f7e
commit 41e7442779
1 changed files with 44 additions and 0 deletions
--- a/FortiNet/FortiAP.md
+++ b/FortiNet/FortiAP.md
@@ -0,0 +1,44 @@
+# Transfer CA-Certificate and Cert+Key to a FortiAccesspoint
+
+Before we can start, we need a TFTP Server that is accessible over Port 69 from the accesspoint itself.
+All 3 files should be available on the TFTP Server's shared directory. In this example we have this 3 files:
+
+- mydomain-ca.pem
+- device-cert.pem
+- device-key.pem
+
+The TFTP servers IP-Adress will be this:
+
+- 192.168.55.2
+
+Now we connect to the FortiAP via CLI and use this 3 commands to transfer the 3 files.
+
+```bash
+### ca-Certificate
+cw_diag -c wan1x get-ca-cert 192.168.55.2 mydomain-ca.pem
+
+### device-Certificate
+cw_diag -c wan1x get-client-cert 192.168.55.2 device-cert.pem
+
+### device-Key
+cw_diag -c wan1x get-private-key 192.168.55.2 device-key.pem
+```
+
+To check if the device is authorized or not, we can use the following command:
+
+```bash
+cw_diag -c wan1x
+```
+
+The output should look something like this (**Port Status**):
+
+```
+WAN port 802.1x supplicant:
+    EAP methods : EAP-TLS
+    Username    : dummy
+    PasswordENC : /PSkn0Jc5b4MeQBAmlMRfU6hsk3BSUR9wvVit0oaUBHoPjWhELAr+f736JosyqMi/InMTA1GXdUaF5D+spFoUx7caAkQYeHmYP3ZCu8nU9w/rqGd3fHiSuH7gPvzL8rk3aj/uaRjVN0/FPMJebAtR5PSzPQC66dLxyoLmJmzX6iIspb7bQl7aHQkMoVOB/qp0SUHbw==
+    CA CERT     : Users 
+    Client CERT : Users 
+    Private Key : Users
+    Port Status : Authorized(selected method EAP-TLS)
+```