Fortinet black logo

CLI Reference

certificate

certificate

Note: The following commands are only available when VDOMs are enabled. Any certificate uploaded to a VDOM is only accessible to that VDOM. Any certificate uploaded to the Global VDOM, it is globally accessible by all VDOMs.

Use these commands to configure per-VDOM global certificate settings.

The process for obtaining and installing certificates is as follows:

  1. Use the execute vpn certificate local command to generate a CSR.
  2. Send the CSR to a CA.

The CA sends you the CA certificate, the signed local certificate and the CRL.

  1. Use the certificate local command to install the signed local certificate.
  2. Use the certificate ca command to install the CA certificate.
  3. Use the certificate crl command to install the CRL.

Depending on your terminal software, you can copy the certificate and paste it into the command. The local certificate can update automatically from a Simple Certificate Enrollment Protocol (SCEP) server.

To configure certificates outside of VDOMs, use the config vpn certificate ca, crl, and local commands.

This section includes syntax for the following commands:

certificate

Note: The following commands are only available when VDOMs are enabled. Any certificate uploaded to a VDOM is only accessible to that VDOM. Any certificate uploaded to the Global VDOM, it is globally accessible by all VDOMs.

Use these commands to configure per-VDOM global certificate settings.

The process for obtaining and installing certificates is as follows:

  1. Use the execute vpn certificate local command to generate a CSR.
  2. Send the CSR to a CA.

The CA sends you the CA certificate, the signed local certificate and the CRL.

  1. Use the certificate local command to install the signed local certificate.
  2. Use the certificate ca command to install the CA certificate.
  3. Use the certificate crl command to install the CRL.

Depending on your terminal software, you can copy the certificate and paste it into the command. The local certificate can update automatically from a Simple Certificate Enrollment Protocol (SCEP) server.

To configure certificates outside of VDOMs, use the config vpn certificate ca, crl, and local commands.

This section includes syntax for the following commands: