Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config certificate local

Local keys and certificates.

config certificate local

Description: Local keys and certificates.

edit <name>

set password {password}

set comments {string}

set private-key {user}

set certificate {user}

set csr {user}

set state {user}

set scep-url {string}

set range [global|vdom]

set source [factory|user|...]

set auto-regenerate-days {integer}

set auto-regenerate-days-warning {integer}

set scep-password {password}

set ca-identifier {string}

set name-encoding [printable|utf8]

set source-ip {ipv4-address}

set ike-localid {string}

set ike-localid-type [asn1dn|fqdn]

set enroll-protocol [none|scep|...]

set cmp-server {string}

set cmp-path {string}

set cmp-server-cert {string}

set cmp-regeneration-method [keyupate|renewal]

next

end

config certificate local

Parameter name

Description

Type

Size

password

Password as a PEM file.

password

Not Specified

comments

Comment.

string

Maximum length: 511

private-key

PEM format key, encrypted with a password.

user

Not Specified

certificate

PEM format certificate.

user

Not Specified

csr

Certificate Signing Request.

user

Not Specified

state

Certificate Signing Request State.

user

Not Specified

scep-url

SCEP server URL.

string

Maximum length: 255

range

Either a global or VDOM IP address range for the certificate.

option

-

 

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

Certificate source type.

option

-

 

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

auto-regenerate-days

Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

auto-regenerate-days-warning

Number of days to wait before an expiry warning message is generated (0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

scep-password

SCEP server challenge password for auto-regeneration.

password

Not Specified

ca-identifier

CA identifier of the CA server for signing via SCEP.

string

Maximum length: 255

name-encoding

Name encoding method for auto-regeneration.

option

-

 

Option

Description

printable

Printable encoding (default).

utf8

UTF-8 encoding.

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

ike-localid

Local ID the FortiGate uses for authentication as a VPN client.

string

Maximum length: 63

ike-localid-type

IKE local ID type.

option

-

 

Option

Description

asn1dn

ASN.1 distinguished name.

fqdn

Fully qualified domain name.

enroll-protocol

Certificate enrollment protocol.

option

-

 

Option

Description

none

None (default).

scep

Simple Certificate Enrollment Protocol.

cmpv2

Certificate Management Protocol Version 2.

cmp-server

'ADDRESS:PORT' for CMP server.

string

Maximum length: 63

cmp-path

Path location inside CMP server.

string

Maximum length: 255

cmp-server-cert

CMP server certificate.

string

Maximum length: 79

cmp-regeneration-method

CMP auto-regeneration method.

option

-

 

Option

Description

keyupate

Key Update.

renewal

Renewal.

config certificate local

Local keys and certificates.

config certificate local

Description: Local keys and certificates.

edit <name>

set password {password}

set comments {string}

set private-key {user}

set certificate {user}

set csr {user}

set state {user}

set scep-url {string}

set range [global|vdom]

set source [factory|user|...]

set auto-regenerate-days {integer}

set auto-regenerate-days-warning {integer}

set scep-password {password}

set ca-identifier {string}

set name-encoding [printable|utf8]

set source-ip {ipv4-address}

set ike-localid {string}

set ike-localid-type [asn1dn|fqdn]

set enroll-protocol [none|scep|...]

set cmp-server {string}

set cmp-path {string}

set cmp-server-cert {string}

set cmp-regeneration-method [keyupate|renewal]

next

end

config certificate local

Parameter name

Description

Type

Size

password

Password as a PEM file.

password

Not Specified

comments

Comment.

string

Maximum length: 511

private-key

PEM format key, encrypted with a password.

user

Not Specified

certificate

PEM format certificate.

user

Not Specified

csr

Certificate Signing Request.

user

Not Specified

state

Certificate Signing Request State.

user

Not Specified

scep-url

SCEP server URL.

string

Maximum length: 255

range

Either a global or VDOM IP address range for the certificate.

option

-

 

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

Certificate source type.

option

-

 

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

auto-regenerate-days

Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

auto-regenerate-days-warning

Number of days to wait before an expiry warning message is generated (0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

scep-password

SCEP server challenge password for auto-regeneration.

password

Not Specified

ca-identifier

CA identifier of the CA server for signing via SCEP.

string

Maximum length: 255

name-encoding

Name encoding method for auto-regeneration.

option

-

 

Option

Description

printable

Printable encoding (default).

utf8

UTF-8 encoding.

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

ike-localid

Local ID the FortiGate uses for authentication as a VPN client.

string

Maximum length: 63

ike-localid-type

IKE local ID type.

option

-

 

Option

Description

asn1dn

ASN.1 distinguished name.

fqdn

Fully qualified domain name.

enroll-protocol

Certificate enrollment protocol.

option

-

 

Option

Description

none

None (default).

scep

Simple Certificate Enrollment Protocol.

cmpv2

Certificate Management Protocol Version 2.

cmp-server

'ADDRESS:PORT' for CMP server.

string

Maximum length: 63

cmp-path

Path location inside CMP server.

string

Maximum length: 255

cmp-server-cert

CMP server certificate.

string

Maximum length: 79

cmp-regeneration-method

CMP auto-regeneration method.

option

-

 

Option

Description

keyupate

Key Update.

renewal

Renewal.