Fortinet black logo

CLI Reference

vpn certificate ca

CA certificate.

  config vpn certificate ca
      Description: CA certificate.
      edit <name>
          set ca {user}
          set range [global|vdom]
          set source [factory|user|...]
          set ssl-inspection-trusted [enable|disable]
          set scep-url {string}
          set auto-update-days {integer}
          set auto-update-days-warning {integer}
          set source-ip {ipv4-address}
          set last-updated {integer}
      next
  end

config vpn certificate ca

Parameter Name Description Type Size
ca CA certificate as a PEM file. user Not Specified
range Either global or VDOM IP address range for the CA certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source CA certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
ssl-inspection-trusted Enable/disable this CA as a trusted CA for SSL inspection.
enable: Trusted CA for SSL inspection.
disable: Untrusted CA for SSL inspection.
option -
scep-url URL of the SCEP server. string Maximum length: 255
auto-update-days Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
auto-update-days-warning Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
source-ip Source IP address for communications to the SCEP server. ipv4-address Not Specified
last-updated Time at which CA was last updated. integer Minimum value: 0 Maximum value: 4294967295

CA certificate.

  config vpn certificate ca
      Description: CA certificate.
      edit <name>
          set ca {user}
          set range [global|vdom]
          set source [factory|user|...]
          set ssl-inspection-trusted [enable|disable]
          set scep-url {string}
          set auto-update-days {integer}
          set auto-update-days-warning {integer}
          set source-ip {ipv4-address}
          set last-updated {integer}
      next
  end

config vpn certificate ca

Parameter Name Description Type Size
ca CA certificate as a PEM file. user Not Specified
range Either global or VDOM IP address range for the CA certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source CA certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
ssl-inspection-trusted Enable/disable this CA as a trusted CA for SSL inspection.
enable: Trusted CA for SSL inspection.
disable: Untrusted CA for SSL inspection.
option -
scep-url URL of the SCEP server. string Maximum length: 255
auto-update-days Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
auto-update-days-warning Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
source-ip Source IP address for communications to the SCEP server. ipv4-address Not Specified
last-updated Time at which CA was last updated. integer Minimum value: 0 Maximum value: 4294967295