Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Certificate Revocation List as a PEM file.

  config certificate crl
      Description: Certificate Revocation List as a PEM file.
      edit <name>
          set crl {user}
          set range [global|vdom]
          set source [factory|user|...]
          set update-vdom {string}
          set ldap-server {string}
          set ldap-username {string}
          set ldap-password {password}
          set http-url {string}
          set scep-url {string}
          set scep-cert {string}
          set update-interval {integer}
          set source-ip {ipv4-address}
          set last-updated {integer}
      next
  end

config certificate crl

Parameter Name Description Type Size
crl Certificate Revocation List as a PEM file. user Not Specified
range Either global or VDOM IP address range for the certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source Certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
update-vdom VDOM for CRL update. string Maximum length: 31
ldap-server LDAP server name for CRL auto-update. string Maximum length: 35
ldap-username LDAP server user name. string Maximum length: 63
ldap-password LDAP server user password. password Not Specified
http-url HTTP server URL for CRL auto-update. string Maximum length: 255
scep-url SCEP server URL for CRL auto-update. string Maximum length: 255
scep-cert Local certificate for SCEP communication for CRL auto-update. string Maximum length: 35
update-interval Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. integer Minimum value: 0 Maximum value: 4294967295
source-ip Source IP address for communications to a HTTP or SCEP CA server. ipv4-address Not Specified
last-updated Time at which CRL was last updated. integer Minimum value: 0 Maximum value: 4294967295

Certificate Revocation List as a PEM file.

  config certificate crl
      Description: Certificate Revocation List as a PEM file.
      edit <name>
          set crl {user}
          set range [global|vdom]
          set source [factory|user|...]
          set update-vdom {string}
          set ldap-server {string}
          set ldap-username {string}
          set ldap-password {password}
          set http-url {string}
          set scep-url {string}
          set scep-cert {string}
          set update-interval {integer}
          set source-ip {ipv4-address}
          set last-updated {integer}
      next
  end

config certificate crl

Parameter Name Description Type Size
crl Certificate Revocation List as a PEM file. user Not Specified
range Either global or VDOM IP address range for the certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source Certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
update-vdom VDOM for CRL update. string Maximum length: 31
ldap-server LDAP server name for CRL auto-update. string Maximum length: 35
ldap-username LDAP server user name. string Maximum length: 63
ldap-password LDAP server user password. password Not Specified
http-url HTTP server URL for CRL auto-update. string Maximum length: 255
scep-url SCEP server URL for CRL auto-update. string Maximum length: 255
scep-cert Local certificate for SCEP communication for CRL auto-update. string Maximum length: 35
update-interval Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. integer Minimum value: 0 Maximum value: 4294967295
source-ip Source IP address for communications to a HTTP or SCEP CA server. ipv4-address Not Specified
last-updated Time at which CRL was last updated. integer Minimum value: 0 Maximum value: 4294967295