Fortinet black logo

CLI Reference

config vpn certificate ca

config vpn certificate ca

CA certificate.

config vpn certificate ca
    Description: CA certificate.
    edit <name>
        set auto-update-days {integer}
        set auto-update-days-warning {integer}
        set ca {user}
        set range [global|vdom]
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set ssl-inspection-trusted [enable|disable]
    next
end

config vpn certificate ca

Parameter

Description

Type

Size

Default

auto-update-days

Number of days to wait before requesting an updated CA certificate.

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated.

integer

Minimum value: 0 Maximum value: 4294967295

0

ca

CA certificate as a PEM file.

user

Not Specified

name

Name.

string

Maximum length: 79

range

Either global or VDOM IP address range for the CA certificate.

option

-

vdom

Option

Description

global

Global range.

vdom

VDOM IP address range.

scep-url

URL of the SCEP server.

string

Maximum length: 255

source

CA certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.

config vpn certificate ca

CA certificate.

config vpn certificate ca
    Description: CA certificate.
    edit <name>
        set auto-update-days {integer}
        set auto-update-days-warning {integer}
        set ca {user}
        set range [global|vdom]
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set ssl-inspection-trusted [enable|disable]
    next
end

config vpn certificate ca

Parameter

Description

Type

Size

Default

auto-update-days

Number of days to wait before requesting an updated CA certificate.

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated.

integer

Minimum value: 0 Maximum value: 4294967295

0

ca

CA certificate as a PEM file.

user

Not Specified

name

Name.

string

Maximum length: 79

range

Either global or VDOM IP address range for the CA certificate.

option

-

vdom

Option

Description

global

Global range.

vdom

VDOM IP address range.

scep-url

URL of the SCEP server.

string

Maximum length: 255

source

CA certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.