Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiAnalyzer 6.4.6 CLI Reference
    6.4.6
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.8
    5.6.7
    5.6.7
    5.6.6
    5.6.6
    5.6.5
    5.6.5
    5.6.4
    5.6.4
    5.6.3
    5.6.3
    5.6.2
    5.6.2
    5.6.1
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.5
    5.4.4
    5.4.4
    5.4.3
    5.4.3
    5.4.2
    5.4.2
    5.4.1
    5.4.1
    5.4.0
    5.4.0
    5.2.10
    5.2.9
    5.2.9
    5.2.7
    5.2.7
    5.2.6
    5.2.6
    5.2.5
    5.2.5
    5.2.4
    5.2.4
    5.2.3
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.13
    5.0.11
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    certificate

    certificate

    Use the following commands to configure certificate related settings.

    certificate ca

    Use this command to install Certificate Authority (CA) root certificates.

    When a CA processes your Certificate Signing Request (CSR), it sends you the CA certificate, the signed local certificate and the Certificate Revocation List (CRL).

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate ca

    edit <ca_name>

    set ca <certificate>

    set comment <string>

    end

    Variable

    Description

    <ca_name>

    Enter a name for the CA certificate (character limit = 35).

    ca <certificate>

    Enter or retrieve the CA certificate in PEM format.

    comment <string>

    Optionally, enter a descriptive comment (character limit = 127).

    certificate crl

    Use this command to configure CRLs.

    Syntax

    config system certificate crl

    edit <name>

    set crl <crl>

    set comment <string>

    set http-url <string>

    set update-interval <integer>

    end

    Variable

    Description

    <name>

    Enter a name for the CRL (character limit = 35).

    crl <crl>

    Enter or retrieve the CRL in PEM format.

    comment <string>

    Optionally, enter a descriptive comment for this CRL (character limit = 127).

    http-url <string>

    Set the HTTP server URL for CRL auto-update.

    update-interval <integer>

    Set the CRL auto-update interval, in minutes (minimum = 3, default = 1440).

    certificate local

    Use this command to install local certificates. When a CA processes your CSR, it sends you the CA certificate, the signed local certificate and the CRL.

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate local

    edit <cert_name>

    set password <passwd>

    set comment <string>

    set certificate <certificate_PEM>

    set private-key <prkey>

    set csr <csr_PEM>

    next

    end

    Variable

    Description

    <cert_name>

    Enter the local certificate name (character limit = 35).

    password <passwd>

    Enter the local certificate password (character limit = 67).

    comment <string>

    Enter any relevant information about the certificate (character limit = 127).

    certificate <certificate_PEM>

    Enter the signed local certificate in PEM format.

    You should not modify the following variables if you generated the CSR on this unit.

    private-key <prkey>

    The private key in PEM format.

    csr <csr_PEM>

    The CSR in PEM format.

    certificate oftp

    Use this command to install OFTP certificates and keys.

    Syntax

    config system certificate oftp

    set certificate <certificate>

    set comment <string>

    set local {Fortinet_Local | Fortinet_Local2}

    set mode {custom | default | local}

    set password <passwd>

    set private-key <key>

    end

    Variable

    Description

    certificate <certificate>

    PEM format certificate.

    comment <string>

    OFTP certificate comment (character limit = 127).

    local {Fortinet_Local | Fortinet_Local2}

    Choose from the two available local certificates.

    mode {custom | default | local}

    Mode of certificates used by OFTPD (default = default):

    • custom: Use a custom certificate.
    • defualt: Default mode.
    • local: Use a local certificate.

    password <passwd>

    Password for encrypted 'private-key', unset for non-encrypted.

    private-key <key>

    PEM format private key.

    certificate remote

    Use this command to install remote certificates

    Syntax

    config system certificate remote

    edit <cert_name>

    set cert <certificate>

    set comment <string>

    next

    end

    Variable

    Description

    <cert_name>

    Enter the remote certificate name (character limit = 35).

    cert <certificate>

    The remote certificate.

    comment <string>

    Optionally, enter a descriptive comment (character limit = 127).

    certificate ssh

    Use this command to install SSH certificates and keys.

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate.
    5. Use the system certificate SSH command to install the SSH certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate ssh

    edit <name>

    set comment <comment_text>

    set certificate <certificate>

    set private-key <key>

    end

    Variable

    Description

    <name>

    Enter the SSH certificate name (character limit = 63).

    comment <comment_text>

    Enter any relevant information about the certificate (character limit = 127).

    certificate <certificate>

    Enter the signed SSH certificate in PEM format.

    You should not modify the following variables if you generated the CSR on this unit.

    private-key <key>

    The private key in PEM format.
    Previous
    Next

    certificate

    certificate

    Use the following commands to configure certificate related settings.

    certificate ca

    Use this command to install Certificate Authority (CA) root certificates.

    When a CA processes your Certificate Signing Request (CSR), it sends you the CA certificate, the signed local certificate and the Certificate Revocation List (CRL).

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate ca

    edit <ca_name>

    set ca <certificate>

    set comment <string>

    end

    Variable

    Description

    <ca_name>

    Enter a name for the CA certificate (character limit = 35).

    ca <certificate>

    Enter or retrieve the CA certificate in PEM format.

    comment <string>

    Optionally, enter a descriptive comment (character limit = 127).

    certificate crl

    Use this command to configure CRLs.

    Syntax

    config system certificate crl

    edit <name>

    set crl <crl>

    set comment <string>

    set http-url <string>

    set update-interval <integer>

    end

    Variable

    Description

    <name>

    Enter a name for the CRL (character limit = 35).

    crl <crl>

    Enter or retrieve the CRL in PEM format.

    comment <string>

    Optionally, enter a descriptive comment for this CRL (character limit = 127).

    http-url <string>

    Set the HTTP server URL for CRL auto-update.

    update-interval <integer>

    Set the CRL auto-update interval, in minutes (minimum = 3, default = 1440).

    certificate local

    Use this command to install local certificates. When a CA processes your CSR, it sends you the CA certificate, the signed local certificate and the CRL.

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate local

    edit <cert_name>

    set password <passwd>

    set comment <string>

    set certificate <certificate_PEM>

    set private-key <prkey>

    set csr <csr_PEM>

    next

    end

    Variable

    Description

    <cert_name>

    Enter the local certificate name (character limit = 35).

    password <passwd>

    Enter the local certificate password (character limit = 67).

    comment <string>

    Enter any relevant information about the certificate (character limit = 127).

    certificate <certificate_PEM>

    Enter the signed local certificate in PEM format.

    You should not modify the following variables if you generated the CSR on this unit.

    private-key <prkey>

    The private key in PEM format.

    csr <csr_PEM>

    The CSR in PEM format.

    certificate oftp

    Use this command to install OFTP certificates and keys.

    Syntax

    config system certificate oftp

    set certificate <certificate>

    set comment <string>

    set local {Fortinet_Local | Fortinet_Local2}

    set mode {custom | default | local}

    set password <passwd>

    set private-key <key>

    end

    Variable

    Description

    certificate <certificate>

    PEM format certificate.

    comment <string>

    OFTP certificate comment (character limit = 127).

    local {Fortinet_Local | Fortinet_Local2}

    Choose from the two available local certificates.

    mode {custom | default | local}

    Mode of certificates used by OFTPD (default = default):

    • custom: Use a custom certificate.
    • defualt: Default mode.
    • local: Use a local certificate.

    password <passwd>

    Password for encrypted 'private-key', unset for non-encrypted.

    private-key <key>

    PEM format private key.

    certificate remote

    Use this command to install remote certificates

    Syntax

    config system certificate remote

    edit <cert_name>

    set cert <certificate>

    set comment <string>

    next

    end

    Variable

    Description

    <cert_name>

    Enter the remote certificate name (character limit = 35).

    cert <certificate>

    The remote certificate.

    comment <string>

    Optionally, enter a descriptive comment (character limit = 127).

    certificate ssh

    Use this command to install SSH certificates and keys.

    The process for obtaining and installing certificates is as follows:
    1. Use the execute certificate local generate command to generate a CSR.
    2. Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
    3. Use the system certificate local command to install the signed local certificate.
    4. Use the system certificate ca command to install the CA certificate.
    5. Use the system certificate SSH command to install the SSH certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.

    Syntax

    config system certificate ssh

    edit <name>

    set comment <comment_text>

    set certificate <certificate>

    set private-key <key>

    end

    Variable

    Description

    <name>

    Enter the SSH certificate name (character limit = 63).

    comment <comment_text>

    Enter any relevant information about the certificate (character limit = 127).

    certificate <certificate>

    Enter the signed SSH certificate in PEM format.

    You should not modify the following variables if you generated the CSR on this unit.

    private-key <key>

    The private key in PEM format.
    Previous
    Next