Certificate settings
The <certificates></certificates> XML tags contain certificate settings. Following are the subsections:
- CRL: uses Online Certificate Status Protocol (OCSP).
- HDD
- CA certificate: base 64 encoded CA certificate.
<forticlient_configuration>
  <system>
    <certificates>
      <crl>
        <ocsp />
      </crl>
      <hdd />
      <ca />
      <common_name>
        <match_type>
          <![CDATA[simple]]>
        </match_type>
        <pattern>
          <![CDATA[w8.fct.net]]>
        </pattern>
      </common_name>
      <issuer>
        <match_type>
          <![CDATA[simple]]>
        </match_type>
        <pattern>
          <![CDATA[Subordinate CA]]>
        </pattern>
      </issuer>
      <oids>
        <oid>
          <match_type>simple</match_type>
          <pattern>
            <![CDATA[1.3.6.1.5.5.7.3.1]]>
          </pattern>
        </oid>
      </oids>
    </certificates>
  </system>
</forticlient_configuration>
The following table provides the XML tags for certificate settings, as well as the descriptions and default values where applicable.
| XML tag | Description | Default value |
|---|---|---|
| | | |
| <enabled> | Use OCSP. Boolean value: | |
| <server> | | |
| <port> | Enter the server port number. | |
| | | |
| <match_type> | Enter the type of matching to use, for example, | |
| <pattern> | Enter the pattern to use for the type of matching, for example, | |
| | | |
| <match_type> | Enter the type of matching to use, for example, | |
| <pattern> | Enter the pattern to use for the type of matching, for example, | |
| Elements about the certificate object identifier (OID). This feature filters based on all certificate OIDs at the first level of the X.509 ASN.1 structure. Nested, or second level OIDs are not supported, other than the EKU (extendedKeyUsage) OIDs. | | |
| <match_type> | Enter the type of matching to use. Choose from: | |
| <pattern> | Enter the pattern to use for the type of matching. | |
Following is an example of exact match for <common_name>:
<certificates>
  <common_name>
    <match_type>
      <![CDATA[simple]]>
    </match_type>
    <pattern>
      <![CDATA[w8.fct.net]]>
    </pattern>
  </common_name>
</certificates>
Following is an example of wildcard for <common_name>:
<certificates>
  <common_name>
    <match_type>
      <![CDATA[wildcard]]>
    </match_type>
    <pattern>
      <![CDATA[*.fct.net]]>
    </pattern>
  </common_name>
</certificates>
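One way to check offline which certificates a set of these filters would admit, as an added example that is not FortiClient code: it parses the <certificates> filters and applies them to certificate fields supplied as a dict. The matching semantics (exact string for simple, shell-style glob for wildcard, every <oid> rule must match one of the certificate's OIDs) and all helper names are assumptions; this page does not state how FortiClient evaluates them.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample built from the filters shown on this page.
SAMPLE_CONFIG = """<forticlient_configuration><system><certificates>
  <common_name>
    <match_type><![CDATA[wildcard]]></match_type>
    <pattern>
      <![CDATA[*.fct.net]]>
    </pattern>
  </common_name>
  <issuer>
    <match_type><![CDATA[simple]]></match_type>
    <pattern><![CDATA[Subordinate CA]]></pattern>
  </issuer>
  <oids><oid>
    <match_type>simple</match_type>
    <pattern><![CDATA[1.3.6.1.5.5.7.3.1]]></pattern>
  </oid></oids>
</certificates></system></forticlient_configuration>"""

def rule_of(elem):
    """Return (match_type, pattern) with layout whitespace stripped, or None."""
    if elem is None:
        return None
    return ((elem.findtext("match_type") or "").strip(),
            (elem.findtext("pattern") or "").strip())

def load_filters(xml_text):
    certs = ET.fromstring(xml_text).find("./system/certificates")
    return {"common_name": rule_of(certs.find("common_name")),
            "issuer": rule_of(certs.find("issuer")),
            "oids": [rule_of(o) for o in certs.findall("./oids/oid")]}

def matches(rule, value):
    """Assumed semantics: simple = exact string, wildcard = glob ('*' spans dots)."""
    if rule is None or not rule[1]:
        return True  # no filter configured for this field
    match_type, pattern = rule
    if match_type == "simple":
        return value == pattern
    if match_type == "wildcard":
        return fnmatch.fnmatchcase(value, pattern)
    raise ValueError(f"match_type not handled in this sketch: {match_type!r}")

def certificate_allowed(filters, cert):
    """cert: dict with 'cn', 'issuer', and 'oids' (list of the certificate's OIDs)."""
    return (matches(filters["common_name"], cert["cn"])
            and matches(filters["issuer"], cert["issuer"])
            and all(any(matches(r, o) for o in cert["oids"])
                    for r in filters["oids"]))
```

Under the glob assumption, `*.fct.net` also admits multi-label names such as `a.b.fct.net`, so compare the result against the client's observed behaviour before relying on a wildcard filter.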