SSL Keyring
The FortiProxy keyring file includes a list of SSL client certificates (maximum 240,000) or certificate chains in PEM format. The file is stored on the FortiProxy disk and is not encrypted. You can upload the file using the GUI or SCP.
The keyring list must start with #keyring
, and uses the following format:
#keyring:1 <private_key_1> <certificate_1> <optional_certificate_chain_1> #keyring:2 <private_key_2> <certificate_2> <optional_certificate_chain_2> ....
For example:
#keyring:1 -----BEGIN PRIVATE KEY----- MC4CAQ...arfLXfXrEve+Yb8zQ -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- MII...SDg== -----END CERTIFICATE----- #keyring:2 -----BEGIN EC PARAMETERS----- Bg...Bw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHc...onQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- MII...4Dh -----END CERTIFICATE-----
To upload a keyring list in the GUI:
-
Go to Proxy Settings > SSL Keyring and click Create New.
-
Enter a name for the list.
-
Click Upload to upload the list from the management computer.
-
Click OK.
To upload a keyring list from the management computer using SCP:
scp <keyring-file-path> admin@<FPX address>:keyring-list:<optional profile name>
For example:
scp mykeyring admin@10.10.10.1:keyring-list:mykeyring