Importing OCSP signing certificates
OCSP signing certificates are certificates with no private keys. For dynamic certification revocation, you must verify them through an OCSP server. This option allows you to import remote (OCSP) certificates into FortiADC and use them to verify the OCSP response signature.
Before you begin, you must:
- Have Read-Write permission for System settings.
- Have the remote certificates downloaded onto you local machine so that you can upload it to FortiADC.
To import an OCSP-signing certificate:
- Go to System > Certificate > verify.
- Click the OCSP Signing Certificatestab.
- Click Import to display the configuration editor.
- Complete the configuration as described in Importing an OCSP signing certificate .
- Click Save when done.
- Repeat Steps 3 through 5 to import as many remote certificates as needed.
Settings | Guidelines |
---|---|
Name | Enter a unique name for the remote certificate you want to import. Valid characters are A -Z , a -z , 0 -9 , _ , and - . The maximum length is 35 characters. No space is allowed. |
OCSP Signing Certificates | Browse for and upload the remote certificate file of interest. |
Once an OCSP signing certificate has been uploaded into FortiADC, the name of the certificate file shows up under the Remote tab. You can view or remove the certificate from this page using the corresponding icons in the far-right column of the page.