CLI Reference

system certificate urlcert

Use this command to configure the URL-based client certificate feature for a server policy or server pool. This feature allows you to require a certificate for some requests and not for others. Whether a client is required to present a personal certificate or not is based on the requested URL and the rules you specify in the URL-based client certificate group.

A URL-based client certificate group specifies the URLs to match and whether the matched request is required to present a certificate or exempt from presenting a certificate.

When the URL-based client certificate feature is enabled, clients are not required to present a certificate if the request URL is specified as exempt in a URL-based client certificate group rule, or if the URL of the request does not match any rule.

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

    config system certificate urlcert
      edit "<url-cert-group_name>"
        config list
          edit <entry_index>
            set url "<url_str>"
            set require {enable | disable}
        end
      next
    end

| Variable | Description | Default |
|---|---|---|
| "<url-cert-group_name>" | Enter the name for the URL-based client certificate group. | No default. |
| <entry_index> | Enter the index number of a URL-based client certificate group entry. | No default. |
| url "<url_str>" | Enter a URL to match. When the URL of a client request matches this value and the value of require is enable, FortiWeb requires the client to present a private certificate. | No default. |
| require {enable \| disable} | Specify whether client requests with the URL specified by url are required to present a personal certificate. When you select disable, FortiWeb does not require client requests with the specified URL to present a personal certificate. | No default. |
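The following is an added example, not part of Fortinet's documentation: a small Python model that parses a urlcert block written in the syntax above and applies the decision rule stated on this page, showing that any URL without a matching require-enable entry is served without a client certificate. The group name, the URLs, and the use of exact string comparison for matching are assumptions made for illustration.

```python
import re

# Constructed sample config: the group name and URLs are made up for illustration.
SAMPLE = """\
config system certificate urlcert
  edit "portal-urlcert"
    config list
      edit 1
        set url "/admin"
        set require enable
      next
      edit 2
        set url "/public"
        set require disable
      next
    end
  next
end
"""

def parse_urlcert(text):
    """Parse a urlcert block into {group_name: [{"url": ..., "require": ...}, ...]}."""
    groups, group, entry, in_list = {}, None, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r'(edit|set url|set require) "?([^"]+)"?', line)
        if line == "config list":
            in_list = True
        elif line == "end":
            in_list = False                      # closes the list, or the whole block
        elif m and m.group(1) == "edit" and not in_list:
            group = groups.setdefault(m.group(2), [])   # new certificate group
        elif m and m.group(1) == "edit":
            entry = {"url": None, "require": None}      # new entry inside the list
            group.append(entry)
        elif m and entry is not None:
            entry[m.group(1).split()[1]] = m.group(2)   # key is "url" or "require"
    return groups

def cert_required(entries, url):
    """Rule from this page: a certificate is required only when an entry matches
    and has require enabled; exempt entries and unmatched URLs need none.
    Assumption: matching is modeled as exact string equality."""
    return any(e["url"] == url and e["require"] == "enable" for e in entries)

def enforced_urls(entries):
    """List the URLs a reviewer can rely on to demand a client certificate."""
    return [e["url"] for e in entries if e["require"] == "enable"]
```

Running `enforced_urls` over each parsed group gives the complete set of URLs that demand a certificate; everything else falls through to the exempt path.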
