Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiProxy 2.0.12 CLI Reference
    2.0.12
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.0.19
    7.0.18
    7.0.17
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    2.0.13
    2.0.12
    2.0.0
    1.2.4

    config certificate setting

    config certificate setting

    Certificate setting.

    config certificate setting
    Description: Certificate setting.
    set check-ca-cert [enable|disable]
    set subject-match [substring|value]
    set cn-match [substring|value]
    set strict-crl-check [enable|disable]
    set certname-rsa1024 {string}
    set certname-rsa2048 {string}
    set certname-dsa1024 {string}
    set certname-dsa2048 {string}
    set certname-ecdsa256 {string}
    set certname-ecdsa384 {string}
end

    config certificate setting

    Parameter

    Description

    Type

    Size

    check-ca-cert

    Enable to check the CA certificate and fail authentication if certificate is not found.

    option

    -

    Option

    Description

    enable

    Enable checking the CA certificate.

    disable

    Disable checking the CA certificate.

    subject-match

    When searching for a matching certificate, control how to find matches in the certificate subject name.

    option

    -

    Option

    Description

    substring

    Find a match if any string in the certificate subject name matches the name being searched for.

    value

    Find a match if any attribute value string in a certificate subject name is an exact match with the name being searched for.

    cn-match

    When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name.

    option

    -

    Option

    Description

    substring

    Find a match if any string in a certificate subject name cn attribute name matches the name being searched for.

    value

    Find a match if the cn attribute value string is an exact match with the name being searched for.

    strict-crl-check

    Enable/disable strict mode CRL checking.

    option

    -

    Option

    Description

    enable

    Enable strict mode CRL checking.

    disable

    Disable strict mode CRL checking.

    certname-rsa1024

    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-rsa2048

    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-dsa1024

    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-dsa2048

    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-ecdsa256

    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-ecdsa384

    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35
    Previous
    Next

    config certificate setting

    config certificate setting

    Certificate setting.

    config certificate setting
    Description: Certificate setting.
    set check-ca-cert [enable|disable]
    set subject-match [substring|value]
    set cn-match [substring|value]
    set strict-crl-check [enable|disable]
    set certname-rsa1024 {string}
    set certname-rsa2048 {string}
    set certname-dsa1024 {string}
    set certname-dsa2048 {string}
    set certname-ecdsa256 {string}
    set certname-ecdsa384 {string}
end

    config certificate setting

    Parameter

    Description

    Type

    Size

    check-ca-cert

    Enable to check the CA certificate and fail authentication if certificate is not found.

    option

    -

    Option

    Description

    enable

    Enable checking the CA certificate.

    disable

    Disable checking the CA certificate.

    subject-match

    When searching for a matching certificate, control how to find matches in the certificate subject name.

    option

    -

    Option

    Description

    substring

    Find a match if any string in the certificate subject name matches the name being searched for.

    value

    Find a match if any attribute value string in a certificate subject name is an exact match with the name being searched for.

    cn-match

    When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name.

    option

    -

    Option

    Description

    substring

    Find a match if any string in a certificate subject name cn attribute name matches the name being searched for.

    value

    Find a match if the cn attribute value string is an exact match with the name being searched for.

    strict-crl-check

    Enable/disable strict mode CRL checking.

    option

    -

    Option

    Description

    enable

    Enable strict mode CRL checking.

    disable

    Disable strict mode CRL checking.

    certname-rsa1024

    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-rsa2048

    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-dsa1024

    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-dsa2048

    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-ecdsa256

    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35

    certname-ecdsa384

    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.

    string

    Maximum length: 35
    Previous
    Next