Fortinet black logo

CLI Reference

system certificate local

system certificate local

Use this command to import signed certificates and certificate requests in order to install them for local use by the FortiMail unit.

FortiMail units require a local server certificate that it can present when clients request secure connections, including:

  • the web-based manager (HTTPS connections only)
  • webmail (HTTPS connections only)
  • secure email, such as SMTPS, IMAPS, and POP3S

When using this command to import a local certificate, you must enter the commands in the order described in the following syntax. This is because privatekey will need the password to decrypt the private key if it was encrypted and certificate will try to find a matched private key file.

Syntax

config system certificate local

edit <name_str>

set password

set private-key

set certificate <cert_str>

set csr <csr_str>

set comments <comment_str>

end

Variable

Description

Default

<name_str>

Enter a name for the certificate to be imported.

password

Enter a password for the certificate.

private-key

Enter a private key for the certificate.

Note: A random password is used to encrypt the private key, to prevent the private key from becoming visible when using the show command.

certificate <cert_str>

Enter or paste the certificate in PEM format to import it.

csr <csr_str>

Enter or paste the certificate signing request in PEM format to import it.

comments <comment_str>

Enter any comments for this certificate.

Related topics

system central-management

system certificate crl

system certificate remote

system certificate local

Use this command to import signed certificates and certificate requests in order to install them for local use by the FortiMail unit.

FortiMail units require a local server certificate that it can present when clients request secure connections, including:

  • the web-based manager (HTTPS connections only)
  • webmail (HTTPS connections only)
  • secure email, such as SMTPS, IMAPS, and POP3S

When using this command to import a local certificate, you must enter the commands in the order described in the following syntax. This is because privatekey will need the password to decrypt the private key if it was encrypted and certificate will try to find a matched private key file.

Syntax

config system certificate local

edit <name_str>

set password

set private-key

set certificate <cert_str>

set csr <csr_str>

set comments <comment_str>

end

Variable

Description

Default

<name_str>

Enter a name for the certificate to be imported.

password

Enter a password for the certificate.

private-key

Enter a private key for the certificate.

Note: A random password is used to encrypt the private key, to prevent the private key from becoming visible when using the show command.

certificate <cert_str>

Enter or paste the certificate in PEM format to import it.

csr <csr_str>

Enter or paste the certificate signing request in PEM format to import it.

comments <comment_str>

Enter any comments for this certificate.

Related topics

system central-management

system certificate crl

system certificate remote