Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    6.2.16
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config certificate local

    config certificate local

    Local keys and certificates.

    config certificate local
    Description: Local keys and certificates.
    edit <name>
        set auto-regenerate-days {integer}
        set auto-regenerate-days-warning {integer}
        set ca-identifier {string}
        set certificate {user}
        set cmp-path {string}
        set cmp-regeneration-method [keyupate|renewal]
        set cmp-server {string}
        set cmp-server-cert {string}
        set comments {string}
        set csr {user}
        set enroll-protocol [none|scep|...]
        set ike-localid {string}
        set ike-localid-type [asn1dn|fqdn]
        set name-encoding [printable|utf8]
        set password {password}
        set private-key {user}
        set range [global|vdom]
        set scep-password {password}
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set state {user}
    next
end

    config certificate local

    Parameter

    Description

    Type

    Size

    auto-regenerate-days

    Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    auto-regenerate-days-warning

    Number of days to wait before an expiry warning message is generated (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    ca-identifier

    CA identifier of the CA server for signing via SCEP.

    string

    Maximum length: 255

    certificate

    PEM format certificate.

    user

    Not Specified

    cmp-path

    Path location inside CMP server.

    string

    Maximum length: 255

    cmp-regeneration-method

    CMP auto-regeneration method.

    option

    -

    Option

    Description

    keyupate

    Key Update.

    renewal

    Renewal.

    cmp-server

    'ADDRESS:PORT' for CMP server.

    string

    Maximum length: 63

    cmp-server-cert

    CMP server certificate.

    string

    Maximum length: 79

    comments

    Comment.

    string

    Maximum length: 511

    csr

    Certificate Signing Request.

    user

    Not Specified

    enroll-protocol

    Certificate enrollment protocol.

    option

    -

    Option

    Description

    none

    None (default).

    scep

    Simple Certificate Enrollment Protocol.

    cmpv2

    Certificate Management Protocol Version 2.

    ike-localid

    Local ID the FortiGate uses for authentication as a VPN client.

    string

    Maximum length: 63

    ike-localid-type

    IKE local ID type.

    option

    -

    Option

    Description

    asn1dn

    ASN.1 distinguished name.

    fqdn

    Fully qualified domain name.

    name

    Name.

    string

    Maximum length: 35

    name-encoding

    Name encoding method for auto-regeneration.

    option

    -

    Option

    Description

    printable

    Printable encoding (default).

    utf8

    UTF-8 encoding.

    password

    Password as a PEM file.

    password

    Not Specified

    private-key

    PEM format key, encrypted with a password.

    user

    Not Specified

    range

    Either a global or VDOM IP address range for the certificate.

    option

    -

    Option

    Description

    global

    Global range.

    vdom

    VDOM IP address range.

    scep-password

    SCEP server challenge password for auto-regeneration.

    password

    Not Specified

    scep-url

    SCEP server URL.

    string

    Maximum length: 255

    source

    Certificate source type.

    option

    -

    Option

    Description

    factory

    Factory installed certificate.

    user

    User generated certificate.

    bundle

    Bundle file certificate.

    source-ip

    Source IP address for communications to the SCEP server.

    ipv4-address

    Not Specified

    state

    Certificate Signing Request State. Read-only.

    user

    Not Specified
    Previous
    Next

    config certificate local

    config certificate local

    Local keys and certificates.

    config certificate local
    Description: Local keys and certificates.
    edit <name>
        set auto-regenerate-days {integer}
        set auto-regenerate-days-warning {integer}
        set ca-identifier {string}
        set certificate {user}
        set cmp-path {string}
        set cmp-regeneration-method [keyupate|renewal]
        set cmp-server {string}
        set cmp-server-cert {string}
        set comments {string}
        set csr {user}
        set enroll-protocol [none|scep|...]
        set ike-localid {string}
        set ike-localid-type [asn1dn|fqdn]
        set name-encoding [printable|utf8]
        set password {password}
        set private-key {user}
        set range [global|vdom]
        set scep-password {password}
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set state {user}
    next
end

    config certificate local

    Parameter

    Description

    Type

    Size

    auto-regenerate-days

    Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    auto-regenerate-days-warning

    Number of days to wait before an expiry warning message is generated (0 = disabled).

    integer

    Minimum value: 0 Maximum value: 4294967295

    ca-identifier

    CA identifier of the CA server for signing via SCEP.

    string

    Maximum length: 255

    certificate

    PEM format certificate.

    user

    Not Specified

    cmp-path

    Path location inside CMP server.

    string

    Maximum length: 255

    cmp-regeneration-method

    CMP auto-regeneration method.

    option

    -

    Option

    Description

    keyupate

    Key Update.

    renewal

    Renewal.

    cmp-server

    'ADDRESS:PORT' for CMP server.

    string

    Maximum length: 63

    cmp-server-cert

    CMP server certificate.

    string

    Maximum length: 79

    comments

    Comment.

    string

    Maximum length: 511

    csr

    Certificate Signing Request.

    user

    Not Specified

    enroll-protocol

    Certificate enrollment protocol.

    option

    -

    Option

    Description

    none

    None (default).

    scep

    Simple Certificate Enrollment Protocol.

    cmpv2

    Certificate Management Protocol Version 2.

    ike-localid

    Local ID the FortiGate uses for authentication as a VPN client.

    string

    Maximum length: 63

    ike-localid-type

    IKE local ID type.

    option

    -

    Option

    Description

    asn1dn

    ASN.1 distinguished name.

    fqdn

    Fully qualified domain name.

    name

    Name.

    string

    Maximum length: 35

    name-encoding

    Name encoding method for auto-regeneration.

    option

    -

    Option

    Description

    printable

    Printable encoding (default).

    utf8

    UTF-8 encoding.

    password

    Password as a PEM file.

    password

    Not Specified

    private-key

    PEM format key, encrypted with a password.

    user

    Not Specified

    range

    Either a global or VDOM IP address range for the certificate.

    option

    -

    Option

    Description

    global

    Global range.

    vdom

    VDOM IP address range.

    scep-password

    SCEP server challenge password for auto-regeneration.

    password

    Not Specified

    scep-url

    SCEP server URL.

    string

    Maximum length: 255

    source

    Certificate source type.

    option

    -

    Option

    Description

    factory

    Factory installed certificate.

    user

    User generated certificate.

    bundle

    Bundle file certificate.

    source-ip

    Source IP address for communications to the SCEP server.

    ipv4-address

    Not Specified

    state

    Certificate Signing Request State. Read-only.

    user

    Not Specified
    Previous
    Next