Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config certificate ca

CA certificate.

config certificate ca

Description: CA certificate.

edit <name>

set ca {user}

set range [global|vdom]

set source [factory|user|...]

set ssl-inspection-trusted [enable|disable]

set scep-url {string}

set auto-update-days {integer}

set auto-update-days-warning {integer}

set source-ip {ipv4-address}

next

end

config certificate ca

Parameter

Description

Type

Size

Default

ca

CA certificate as a PEM file.

user

Not Specified

range

Either global or VDOM IP address range for the CA certificate.

option

-

global

 

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

CA certificate source type.

option

-

user

 

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

 

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.

scep-url

URL of the SCEP server.

string

Maximum length: 255

auto-update-days

Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

0

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0

config certificate ca

CA certificate.

config certificate ca

Description: CA certificate.

edit <name>

set ca {user}

set range [global|vdom]

set source [factory|user|...]

set ssl-inspection-trusted [enable|disable]

set scep-url {string}

set auto-update-days {integer}

set auto-update-days-warning {integer}

set source-ip {ipv4-address}

next

end

config certificate ca

Parameter

Description

Type

Size

Default

ca

CA certificate as a PEM file.

user

Not Specified

range

Either global or VDOM IP address range for the CA certificate.

option

-

global

 

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

CA certificate source type.

option

-

user

 

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

 

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.

scep-url

URL of the SCEP server.

string

Maximum length: 255

auto-update-days

Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled).

integer

Minimum value: 0 Maximum value: 4294967295

0

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0