Fortinet black logo

CLI Reference

user pki-user

user pki-user

In FortiWeb's certificate-based Web UI login, a PKI user is the administrator that FortiWeb will authorizes his Web UI access based on his PKI certificate. With this command, you can create a PKI user for FortiWeb to verify and authorize the Web UI accesses from the user.

Before creating a PKI user, you must import the CA certificate (through FortiWeb Web UI) associated with the user to the FortiWeb. For details, see system admin-certificate ca.

After the PKI user is created, include it in an admin group through user admin-usergrp.

For information about certificate-based Web UI login, see the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config user pki-user

edit "<pki-user_name>"

set cacert "<cacert_str>"

set subject "<subject_str>"

next

end

Variable Description Default

"<pki-user_name>"

Enter the name of a PKI user. The maximum length is 63 characters. No default.

cacert "<cacert_str>"

Specifies the CA certificate associated with the PKI user's certificate. It must be one of the CA certificates stored on the FortiWeb for administration. For details, see system admin-certificate ca. No default.

subject "<subject_str>"

Specifies the subject of the PKI user's certificate, such as C = US, ST = Washington, O = yourorganization, CN = yourname. No default.

Example

This example adds a PKI user associated with the CA certificate CA_Cert_1.

config user pki-user

edit "pki_user1"

set cacert "CA_Cert_1"

set subject "C = US, ST = Washington, O = oganization, CN = Bradley Avery"

next

end

user pki-user

In FortiWeb's certificate-based Web UI login, a PKI user is the administrator that FortiWeb will authorizes his Web UI access based on his PKI certificate. With this command, you can create a PKI user for FortiWeb to verify and authorize the Web UI accesses from the user.

Before creating a PKI user, you must import the CA certificate (through FortiWeb Web UI) associated with the user to the FortiWeb. For details, see system admin-certificate ca.

After the PKI user is created, include it in an admin group through user admin-usergrp.

For information about certificate-based Web UI login, see the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config user pki-user

edit "<pki-user_name>"

set cacert "<cacert_str>"

set subject "<subject_str>"

next

end

Variable Description Default

"<pki-user_name>"

Enter the name of a PKI user. The maximum length is 63 characters. No default.

cacert "<cacert_str>"

Specifies the CA certificate associated with the PKI user's certificate. It must be one of the CA certificates stored on the FortiWeb for administration. For details, see system admin-certificate ca. No default.

subject "<subject_str>"

Specifies the subject of the PKI user's certificate, such as C = US, ST = Washington, O = yourorganization, CN = yourname. No default.

Example

This example adds a PKI user associated with the CA certificate CA_Cert_1.

config user pki-user

edit "pki_user1"

set cacert "CA_Cert_1"

set subject "C = US, ST = Washington, O = oganization, CN = Bradley Avery"

next

end