Use this command to configure how the FortiWeb appliance will verify certificates presented by HTTP clients.
To apply a certificate verification rule, select it in a policy. For details, see server-policy policy.
To use this command, your administrator account’s access control profile must have either
rw permission to the
admingrp area. For details, see Permissions.
config system certificate verify
|Enter the name of a certificate verifier. The maximum length is 63 characters.||No default.|
|Enter the name of an existing CA Group that you want to use to authenticate client certificates.||No default.|
|Enter the name of an existing CRL Group, if any, to use to verify the revocation status of client certificates.||No default.|
Enable to list only certificates related to the specified CA Group. This is beneficial when a client installs many certificates in its browser or when apps don't list client certificates. If you enable this option, also enable the option in a CA Group. For details, see system certificate ca-group.
||Enable to strictly require verifying the client certificate.||