Fortinet Document Library

Administration Guide

FortiMail PKI architecture

The FortiMail PKI architecture ensures that users present the necessary certificates before communication between the user and FortiMail starts. The two parties exchange certificates and verify the following:

  • the certificate is issued by a trusted CA
  • the claimed identity matches the one in the certificate
  • the certificate has not expired
  • the type/usage stated in the certificate matches the intended usage

The diagram below illustrates a typical FortiMail PKI architecture.

Note

PKI supports standards for Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP). Those standards are beyond the scope of this document. For more information on those standards, see RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.

FortiMail PKI architecture
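The four checks listed above, expressed with Go's standard `crypto/x509` verifier. This is an added example, not Fortinet code or FortiMail's implementation. The CA, the certificates, and the names `ca.example.test` and `user.example.test` are constructed test values, and a DNS name stands in for the claimed identity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var caPub, caKey, _ = ed25519.GenerateKey(rand.Reader) // constructed test CA key pair
// issue returns a constructed test certificate signed with caKey; a nil parent makes the self-signed CA.
func issue(name string, parent *x509.Certificate, use x509.ExtKeyUsage, ttl time.Duration) *x509.Certificate {
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, ExtKeyUsage: []x509.ExtKeyUsage{use},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(ttl)}
	if parent == nil {
		pub, parent, t.IsCA, t.BasicConstraintsValid, t.KeyUsage = caPub, t, true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// check applies the four checks listed above; a nil result means the certificate is accepted.
func check(c *x509.Certificate, trusted *x509.CertPool, identity string, use x509.ExtKeyUsage) error {
	_, err := c.Verify(x509.VerifyOptions{Roots: trusted, DNSName: identity, // trusted CA, identity
		CurrentTime: time.Now(), KeyUsages: []x509.ExtKeyUsage{use}}) // not expired, usage
	return err
}

// demo returns check's verdict for a valid certificate and for one violation of each check.
func demo() map[string]error {
	id, cl := "user.example.test", x509.ExtKeyUsageClientAuth // constructed identity, intended usage
	ca, trusted := issue("ca.example.test", nil, x509.ExtKeyUsageAny, time.Hour), x509.NewCertPool()
	trusted.AddCert(ca)
	good := issue(id, ca, cl, time.Hour)
	return map[string]error{"valid": check(good, trusted, id, cl),
		"untrusted CA":   check(good, x509.NewCertPool(), id, cl),
		"wrong identity": check(good, trusted, "other.example.test", cl),
		"expired":        check(issue(id, ca, cl, -time.Minute), trusted, id, cl),
		"wrong usage":    check(issue(id, ca, x509.ExtKeyUsageServerAuth, time.Hour), trusted, id, cl)}
}
func main() { fmt.Println(demo()) }
```

Revocation (CRL/OCSP) is not part of `Verify` and is not covered by this example.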
