CLI Reference

vpn certificate ca

Use this command to import a CA certificate from a TFTP or SCEP server to the FortiGate unit, or to export a CA certificate from the FortiGate unit to a TFTP server.

Before using this command you must obtain a CA certificate issued by a CA.

Digital certificates are used to ensure that both participants in a communications session are trustworthy, prior to an encrypted VPN tunnel being set up between the participants. The CA certificate is the certificate that the FortiGate unit uses to authenticate itself to other devices.

Syntax

Export a CA certificate to a TFTP server
execute vpn certificate ca export tftp  Export CA certificate to a TFTP server.
        {string}   CA certificate name.
            {string}   File name on the TFTP server.
                {ip}   IP address of TFTP server.

Import a CA certificate from a SCEP server
execute vpn certificate ca import auto  Import CA certificate via SCEP.
        {string}   URL of the CA server.
            {string}   CA Identifier (optional).
                {ip}   Source-IP for communications to the CA server (optional).

Import a CA certificate bundle from a TFTP server
execute vpn certificate ca import bundle  Import certificate bundle from a TFTP server.
        {string}   File name on the TFTP server.
            {ip}   IP address of TFTP server.

Import a CA certificate from a TFTP server
execute vpn certificate ca import tftp  Import CA certificate from a TFTP server.
        {string}   File name on the TFTP server.
            {ip}   IP address of TFTP server.

Examples

Use the following command to import the CA certificate named trust_ca to the FortiGate unit from a TFTP server with the address 192.168.21.54.

execute vpn certificate ca import tftp trust_ca 192.168.21.54
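
TFTP provides no authentication or integrity protection, so a file fetched with import tftp or import bundle should be checked against fingerprints obtained from the CA out of band before it is staged on the TFTP server. The following is an added example, not Fortinet code: the function names are hypothetical, and the sample bundles use constructed placeholder bytes in place of real DER certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def bundle_fingerprints(pem_text: str) -> list[str]:
    """Fingerprint every certificate block in a PEM file or bundle."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(fingerprint(der))
    if not prints:
        raise ValueError("no certificate blocks found")
    return prints

def unexpected_certs(pem_text: str, pinned: set[str]) -> list[str]:
    """Return fingerprints present in the file but absent from the pinned set."""
    return [fp for fp in bundle_fingerprints(pem_text) if fp not in pinned]

def make_pem(der: bytes) -> str:
    """Helper for the constructed sample only: wrap bytes as a CRLF PEM block."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(lines)
            + "\r\n-----END CERTIFICATE-----\r\n")

# Constructed sample: placeholder bytes stand in for DER-encoded certificates.
ROOT, ISSUING, ROGUE = b"root-ca" * 40, b"issuing-ca" * 40, b"rogue-ca" * 40
PINNED = {fingerprint(ROOT), fingerprint(ISSUING)}  # assumed obtained out of band
GOOD_BUNDLE = make_pem(ROOT) + make_pem(ISSUING)
BAD_BUNDLE = make_pem(ROOT) + make_pem(ROGUE)  # bundle with one unpinned CA

if __name__ == "__main__":
    for name, text in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        extra = unexpected_certs(text, PINNED)
        print(name, "OK to stage" if not extra else f"REJECT: {extra}")
```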
