Fortinet black logo

CLI Reference

system certificate crl

system certificate crl

Use this command to edit the URL associated with a previously uploaded certificate revocation list (CRL).

To ensure that your FortiWeb appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list, which may be provided by certificate authorities (CA).

For information on how to upload a CRL, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate crl

edit "<crl_name>"

set certificate "<certificate_str>"

set type {http | local | scep}

set url "<crl_str>"

next

end

Variable Description Default

"<crl_name>"

Enter the name of a CRL. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

type {http | local | scep}

Specify how you set the certificate.

http—query for the certificate from a HTTP server

local—set the certificate through certificate <certificate_str_pem>.

scep—query for the certificate from a SCEP server

local

url "<crl_str>"

If type {http | local | scep} is set as http or scep, enter the URL of the certificate. The maximum length is 127 characters. No default.

Related topics

system certificate crl

Use this command to edit the URL associated with a previously uploaded certificate revocation list (CRL).

To ensure that your FortiWeb appliance validates only certificates that have not been revoked, you should periodically upload a current certificate revocation list, which may be provided by certificate authorities (CA).

For information on how to upload a CRL, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate crl

edit "<crl_name>"

set certificate "<certificate_str>"

set type {http | local | scep}

set url "<crl_str>"

next

end

Variable Description Default

"<crl_name>"

Enter the name of a CRL. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

type {http | local | scep}

Specify how you set the certificate.

http—query for the certificate from a HTTP server

local—set the certificate through certificate <certificate_str_pem>.

scep—query for the certificate from a SCEP server

local

url "<crl_str>"

If type {http | local | scep} is set as http or scep, enter the URL of the certificate. The maximum length is 127 characters. No default.

Related topics