Fortinet black logo

CLI Reference

config certificate crl

config certificate crl

Certificate Revocation List as a PEM file.

config certificate crl
    Description: Certificate Revocation List as a PEM file.
    edit <name>
        set crl {user}
        set http-url {string}
        set ldap-password {password}
        set ldap-server {string}
        set ldap-username {string}
        set range [global|vdom]
        set scep-cert {string}
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set update-interval {integer}
        set update-vdom {string}
    next
end

config certificate crl

Parameter

Description

Type

Size

Default

crl

Certificate Revocation List as a PEM file.

user

Not Specified

http-url

HTTP server URL for CRL auto-update.

string

Maximum length: 255

ldap-password

LDAP server user password.

password

Not Specified

ldap-server

LDAP server name for CRL auto-update.

string

Maximum length: 35

ldap-username

LDAP server user name.

string

Maximum length: 63

name

Name.

string

Maximum length: 35

range

Either global or VDOM IP address range for the certificate.

option

-

global

Option

Description

global

Global range.

vdom

VDOM IP address range.

scep-cert

Local certificate for SCEP communication for CRL auto-update.

string

Maximum length: 35

Fortinet_CA_SSL

scep-url

SCEP server URL for CRL auto-update.

string

Maximum length: 255

source

Certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

source-ip

Source IP address for communications to a HTTP or SCEP CA server.

ipv4-address

Not Specified

0.0.0.0

update-interval

Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires.

integer

Minimum value: 0 Maximum value: 4294967295

0

update-vdom

VDOM for CRL update.

string

Maximum length: 31

root

config certificate crl

Certificate Revocation List as a PEM file.

config certificate crl
    Description: Certificate Revocation List as a PEM file.
    edit <name>
        set crl {user}
        set http-url {string}
        set ldap-password {password}
        set ldap-server {string}
        set ldap-username {string}
        set range [global|vdom]
        set scep-cert {string}
        set scep-url {string}
        set source [factory|user|...]
        set source-ip {ipv4-address}
        set update-interval {integer}
        set update-vdom {string}
    next
end

config certificate crl

Parameter

Description

Type

Size

Default

crl

Certificate Revocation List as a PEM file.

user

Not Specified

http-url

HTTP server URL for CRL auto-update.

string

Maximum length: 255

ldap-password

LDAP server user password.

password

Not Specified

ldap-server

LDAP server name for CRL auto-update.

string

Maximum length: 35

ldap-username

LDAP server user name.

string

Maximum length: 63

name

Name.

string

Maximum length: 35

range

Either global or VDOM IP address range for the certificate.

option

-

global

Option

Description

global

Global range.

vdom

VDOM IP address range.

scep-cert

Local certificate for SCEP communication for CRL auto-update.

string

Maximum length: 35

Fortinet_CA_SSL

scep-url

SCEP server URL for CRL auto-update.

string

Maximum length: 255

source

Certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

source-ip

Source IP address for communications to a HTTP or SCEP CA server.

ipv4-address

Not Specified

0.0.0.0

update-interval

Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires.

integer

Minimum value: 0 Maximum value: 4294967295

0

update-vdom

VDOM for CRL update.

string

Maximum length: 31

root