
Certificate settings


The <certificates></certificates> XML tags contain certificate settings. Following are the subsections:

  • CRL: uses Online Certificate Status Protocol (OCSP).
  • HDD
  • CA certificate: Base64-encoded CA certificate.

<forticlient_configuration>
  <system>
    <certificates>
      <crl>
        <ocsp />
      </crl>
      <hdd />
      <ca />
      <common_name>
        <match_type><![CDATA[simple]]></match_type>
        <pattern><![CDATA[w8.fct.net]]></pattern>
      </common_name>
      <issuer>
        <match_type><![CDATA[simple]]></match_type>
        <pattern><![CDATA[Subordinate CA]]></pattern>
      </issuer>
    </certificates>
  </system>
</forticlient_configuration>

The following table provides the XML tags for certificate settings, as well as the descriptions and default values where applicable.

| XML tag | Description | Default value |
|---|---|---|
| <crl><ocsp> elements | | |
| <enabled> | Use OCSP. Boolean value: [0 \| 1] | |
| <server> | Enter the server IP address. | |
| <port> | Enter the server port number. | |
| <common_name> elements for the common name of the certificate that is automatically selected for VPN logon. | | |
| <match_type> | Enter the type of matching to use, for example, <match_type><![CDATA[simple]]></match_type>. Choose from: simple (exact match), wildcard (wildcard), regex (regular expressions). | |
| <pattern> | Enter the pattern to use for the type of matching, for example, <pattern><![CDATA[w8.fct.net]]></pattern>. | |
| <issuer> elements about the issuer of the certificate that is automatically selected for VPN logon. | | |
| <match_type> | Enter the type of matching to use, for example, <match_type><![CDATA[simple]]></match_type>. Choose from: simple (exact match), wildcard (wildcard). | |
| <pattern> | Enter the pattern to use for the type of matching, for example, <pattern><![CDATA[subordinate CA]]></pattern>. | |

Following is an example of exact match for <common_name>:

<certificates>
  <common_name>
    <match_type><![CDATA[simple]]></match_type>
    <pattern><![CDATA[w8.fct.net]]></pattern>
  </common_name>
</certificates>

Following is an example of wildcard for <common_name>:

<certificates>
  <common_name>
    <match_type><![CDATA[wildcard]]></match_type>
    <pattern><![CDATA[*.fct.net]]></pattern>
  </common_name>
</certificates>
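The following Python sketch is an added example, not part of the original page or of FortiClient. It reads a <certificates> block and reports which constructed (common name, issuer) pairs the rules would accept, so the reach of a wildcard such as *.fct.net can be reviewed before the configuration is deployed. Assumptions: matching is case-sensitive and applies to the whole string, wildcard means shell-style globbing, and the names load_rules, matches and eligible are illustrative.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's wildcard <common_name> rule plus its <issuer> rule.
SAMPLE_CONFIG = """<forticlient_configuration><system><certificates>
  <common_name>
    <match_type><![CDATA[wildcard]]></match_type>
    <pattern><![CDATA[*.fct.net]]></pattern>
  </common_name>
  <issuer>
    <match_type><![CDATA[simple]]></match_type>
    <pattern><![CDATA[Subordinate CA]]></pattern>
  </issuer>
</certificates></system></forticlient_configuration>"""
# Constructed (common name, issuer) pairs standing in for a client certificate store.
CANDIDATES = [("w8.fct.net", "Subordinate CA"), ("laptop7.fct.net", "Subordinate CA"),
              ("w8.fct.net", "Other CA"), ("w8.example.org", "Subordinate CA")]
# Match types the page lists per element; <issuer> has no regex option.
ALLOWED = {"common_name": {"simple", "wildcard", "regex"}, "issuer": {"simple", "wildcard"}}

def load_rules(xml_text):
    """Return {element: (match_type, pattern)} from a <certificates> block."""
    certs = ET.fromstring(xml_text).find("system/certificates")
    rules = {}
    for name, allowed in ALLOWED.items():
        node = certs.find(name)
        if node is not None:
            rule = tuple((node.findtext(t) or "").strip() for t in ("match_type", "pattern"))
            if rule[0] not in allowed:
                raise ValueError(f"<{name}>: match_type {rule[0]!r} is not listed")
            rules[name] = rule
    return rules

def matches(rule, value):
    """Assumed semantics (not stated on the page): case-sensitive, whole string."""
    mtype, pattern = rule
    if mtype == "simple":
        return value == pattern
    if mtype == "wildcard":
        return fnmatch.fnmatchcase(value, pattern)
    return re.fullmatch(pattern, value) is not None

def eligible(xml_text, candidates):
    """Return the (common_name, issuer) pairs that every configured rule accepts."""
    rules = load_rules(xml_text)
    return [(cn, iss) for cn, iss in candidates
            if all(matches(rule, {"common_name": cn, "issuer": iss}[name])
                   for name, rule in rules.items())]
```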
