Boilerplates/FortiNet/FortiAP.md
2024-02-13 15:09:28 +00:00

Transfer CA-Certificate and Cert+Key to a FortiAccesspoint

Before we can start, we need a TFTP server that the access point itself can reach on port 69. All three files must be available in the TFTP server's shared directory. In this example, we have these three files:

  • mydomain-ca.pem
  • device-cert.pem
  • device-key.pem

The TFTP server's IP address will be this:

  • 192.168.55.2

Now we connect to the FortiAP via CLI and use these three commands to transfer the three files.

```
### ca-Certificate
cw_diag -c wan1x get-ca-cert 192.168.55.2 mydomain-ca.pem

### device-Certificate
cw_diag -c wan1x get-client-cert 192.168.55.2 device-cert.pem

### device-Key
cw_diag -c wan1x get-private-key 192.168.55.2 device-key.pem
```

To check if the device is authorized or not, we can use the following command:

```
cw_diag -c wan1x
```

The output should look something like this (Port Status):

```
WAN port 802.1x supplicant:
    EAP methods : EAP-TLS
    Username    : dummy
    PasswordENC : /PSkn0Jc5b4MeQBAmlMRfU6hsk3BSUR9wvVit0oaUBHoPjWhELAr+f736JosyqMi/InMTA1GXdUaF5D+spFoUx7caAkQYeHmYP3ZCu8nU9w/rqGd3fHiSuH7gPvzL8rk3aj/uaRjVN0/FPMJebAtR5PSzPQC66dLxyoLmJmzX6iIspb7bQl7aHQkMoVOB/qp0SUHbw==
    CA CERT     : Users
    Client CERT : Users
    Private Key : Users
    Port Status : Authorized(selected method EAP-TLS)
```
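
When the same procedure is rolled out to several access points, the status check can be automated. The following Python script is an added example, not part of the original page or of Fortinet's tooling: it parses saved `cw_diag -c wan1x` output in the format shown above and reports empty credential fields or a port that is not authorized with EAP-TLS. Both sample outputs are constructed; the empty `Private Key` field and the `Unauthorized` status text in the failing sample are assumptions.

```python
import re

# Fields that the three TFTP transfers are expected to populate.
REQUIRED_FIELDS = ("CA CERT", "Client CERT", "Private Key")

# Constructed sample in the format shown above (PasswordENC replaced by a placeholder).
GOOD_OUTPUT = """WAN port 802.1x supplicant:
    EAP methods : EAP-TLS
    Username    : dummy
    PasswordENC : <placeholder>
    CA CERT     : Users
    Client CERT : Users
    Private Key : Users
    Port Status : Authorized(selected method EAP-TLS)
"""
# Constructed failing sample: the empty key field and "Unauthorized" are assumptions.
BAD_OUTPUT = GOOD_OUTPUT.replace("Private Key : Users", "Private Key :").replace(
    "Authorized(selected method EAP-TLS)", "Unauthorized")

def parse_supplicant(text):
    """Collect the 'name : value' lines that follow the supplicant header."""
    fields, in_block = {}, False
    for line in text.splitlines():
        if line.strip().startswith("WAN port 802.1x supplicant"):
            in_block = True
        elif in_block and ":" in line:
            name, _, value = line.partition(":")
            fields[name.strip()] = value.strip()
    return fields

def check_supplicant(text, method="EAP-TLS"):
    """Return a list of problems; an empty list means the port is authorized."""
    fields = parse_supplicant(text)
    if not fields:
        return ["no 802.1x supplicant block found"]
    problems = [f"{name} is empty" for name in REQUIRED_FIELDS if not fields.get(name)]
    if fields.get("EAP methods") != method:
        problems.append(f"EAP method is {fields.get('EAP methods')!r}")
    status = fields.get("Port Status", "")
    match = re.fullmatch(r"Authorized\(selected method (.+)\)", status)
    if not match:
        problems.append(f"port not authorized: {status!r}")
    elif match.group(1) != method:
        problems.append(f"authorized with {match.group(1)}, expected {method}")
    return problems

if __name__ == "__main__":
    for label, sample in (("good", GOOD_OUTPUT), ("bad", BAD_OUTPUT)):
        print(label, check_supplicant(sample) or "OK")
```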