Fortinet black logo

CLI Reference

system certificate crl

Use this command to edit the URL associated with a previously uploaded certificate revocation list (CRL).

To ensure that your FortiWeb appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list, which may be provided by certificate authorities (CA).

For information on how to upload a CRL, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate crl

edit "<crl_name>"

set certificate "<certificate_str>"

set type {http | local | scep}

set url "<crl_str>"

next

end

Variable Description Default

"<crl_name>"

Enter the name of a CRL. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

type {http | local | scep}

Specify how you set the certificate.

http—query for the certificate from a HTTP server

local—set the certificate through certificate <certificate_str_pem>.

scep—query for the certificate from a SCEP server

local

url "<crl_str>"

If type {http | local | scep} is set as http or scep, enter the URL of the certificate. The maximum length is 127 characters. No default.

Related topics

Use this command to edit the URL associated with a previously uploaded certificate revocation list (CRL).

To ensure that your FortiWeb appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list, which may be provided by certificate authorities (CA).

For information on how to upload a CRL, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate crl

edit "<crl_name>"

set certificate "<certificate_str>"

set type {http | local | scep}

set url "<crl_str>"

next

end

Variable Description Default

"<crl_name>"

Enter the name of a CRL. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

type {http | local | scep}

Specify how you set the certificate.

http—query for the certificate from a HTTP server

local—set the certificate through certificate <certificate_str_pem>.

scep—query for the certificate from a SCEP server

local

url "<crl_str>"

If type {http | local | scep} is set as http or scep, enter the URL of the certificate. The maximum length is 127 characters. No default.

Related topics