Fortinet white logo
Fortinet white logo

Administration Guide

CRLs

CRLs

Because it is not possible to recall a certificate, the CRL lists certificates signed by valid CAs that should no longer be trusted. Certificates might be revoked for many reasons, such as if the certificate was issued erroneously or if the private key of a valid certificate has been compromised.

In the CLI, you can get a certificate revocation list using LDAP, HTTP, or SCEP, depending on the autoupdate configuration.

Import a CRL using the GUI:
  1. Go to System > Certificate > CRLs.

  2. Click Import.

  3. In the Type dropdown list, select No Local or Local PC.

  4. If you selected No Local, enter the URL of the HTTP server, select the LDAP server and SCEP server, and enter the URL for the SCEP server.

  5. If you selected Local PC, click Choose File and browse to your certificate file.

  6. Click Import.

Import a CRL using the CLI:

execute system certificate crl import auto <CRL_name>

For example:

execute system certificate crl import auto CRL1

CRLs

CRLs

Because it is not possible to recall a certificate, the CRL lists certificates signed by valid CAs that should no longer be trusted. Certificates might be revoked for many reasons, such as if the certificate was issued erroneously or if the private key of a valid certificate has been compromised.

In the CLI, you can get a certificate revocation list using LDAP, HTTP, or SCEP, depending on the autoupdate configuration.

Import a CRL using the GUI:
  1. Go to System > Certificate > CRLs.

  2. Click Import.

  3. In the Type dropdown list, select No Local or Local PC.

  4. If you selected No Local, enter the URL of the HTTP server, select the LDAP server and SCEP server, and enter the URL for the SCEP server.

  5. If you selected Local PC, click Choose File and browse to your certificate file.

  6. Click Import.

Import a CRL using the CLI:

execute system certificate crl import auto <CRL_name>

For example:

execute system certificate crl import auto CRL1