CLI Reference

system certificate remote

Use this command to configure an OCSP server.

Once an OCSP server is configured, OCSP stapling can be enabled. When OCSP stapling is enabled, FortiWeb periodically fetches the revocation status of the specified certificate from the OCSP server and, if the response contains the revocation status, caches the response for a period.

For more information on OCSP stapling, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate remote
  edit "<ocsp_name>"
    set certificate "<certificate_name>"
    set comment "<comment_str>"
    set ocsp_url "<url>"
  next
end

| Variable | Description | Default |
| --- | --- | --- |
| "<ocsp_name>" | Enter the name of an OCSP group. The maximum length is 63 characters. This group can be used if OCSP stapling is enabled in a server policy. | No default |
| certificate "<certificate_name>" | A CA certificate that has been imported into FortiWeb. | No default |
| comment "<comment_str>" | Optionally, enter a comment for the OCSP group. | No default |
| ocsp_url "<url>" | Enter the URL of the OCSP server corresponding to the specified CA certificate. | No default |

Example

This example creates an OCSP group for the CA certificate CA_Cert_1.

config system certificate remote
  edit ocsp_ca_cert_1
    set certificate "CA_Cert_1"
    set comment "OCSP for CA_Cert_1"
    set ocsp_url "http://ocsp.example.com"
  next
end
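After stapling is enabled in a server policy, the cached response FortiWeb serves can be checked from a client. The following is an added example, not part of the Fortinet reference: it assumes the text was captured with `openssl s_client -connect <host>:443 -status`, and the sample output and the `check_staple` helper are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: OCSP portion of `openssl s_client -status` output
# when the server staples a response (values are illustrative).
STAPLED = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: May  1 12:00:00 2024 GMT
    Responses:
    Cert Status: good
    This Update: May  1 12:00:00 2024 GMT
    Next Update: May  8 12:00:00 2024 GMT
"""
# Constructed sample: what the same command prints when nothing is stapled.
NOT_STAPLED = "OCSP response: no response sent\n"

def _field(text, name):
    """Return the value of a 'Name: value' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None

def _when(value):
    """Parse an OpenSSL timestamp such as 'May  1 12:00:00 2024 GMT'."""
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def check_staple(text, now):
    """Return (ok, reason) for the stapled OCSP response in s_client output."""
    resp = _field(text, "OCSP Response Status")
    if "no response sent" in text or resp is None:
        return False, "no OCSP response stapled"
    if not resp.startswith("successful"):
        return False, "responder error: " + resp
    status = _field(text, "Cert Status")
    if status != "good":
        return False, f"certificate status is {status}"
    this_upd, next_upd = _field(text, "This Update"), _field(text, "Next Update")
    if this_upd and _when(this_upd) > now:
        return False, "thisUpdate is in the future"
    # A cached response past nextUpdate is stale; clients may reject it.
    if next_upd is None or _when(next_upd) < now:
        return False, "response is stale or has no nextUpdate"
    return True, "good, valid until " + next_upd

if __name__ == "__main__":
    for sample in (STAPLED, NOT_STAPLED):
        print(check_staple(sample, datetime(2024, 5, 3, tzinfo=timezone.utc)))
```

A "no OCSP response stapled" result after the OCSP group is configured usually means stapling is not enabled in the server policy or FortiWeb could not reach the URL set in ocsp_url.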
