Fortinet black logo

CLI Reference

system admin-certificate intermediate-ca

system admin-certificate intermediate-ca

If the certificate you are applying for HTTPS access to FortiWeb's GUI management is signed by several intermediate CAs, you need to import all the intermediate CA certificates of the certificate chain. FortiWeb will then send the intermediate CA certificates together with the server certificate when administrators access FortiWeb's GUI via HTTPS.

Intermediate CAs must belong to a group in order to be selected in a certificate verification rule. For how to add the intermediate certificates in a group, seesystem admin-certificate intermediate-ca-group.

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see system accprofile

Syntax

config system admin-certificate intermediate-ca

edit "<certificate_name>"

set certificate "<certificate_str>"

next

end

Variable Description Default

"<certificate_name>"

Enter the name of a certificate file. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

Example

This example adds a certificate to Inter_Cert_1

config system certificate intermediate-certificate

edit "Inter_Cert_1"

set certificate "-----BEGIN CERTIFICATE-----

MIIDkjCCAnoCCQCbXq6VYR1CijANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC

SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMREwDwYD

VQQKDAhGb3J0aW5ldDEMMAoGA1UECwwDTEFCMQ0wCwYDVQQDDAR0ZXN0MSMwIQYJ

KoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xMjEyMDUxMDE1NTla

Fw0xNDEyMDUxMDE1NTlaMIGKMQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0

YWthMRIwEAYDVQQHDAlCYW5nYWxvcmUxETAPBgNVBAoMCEZvcnRpbmV0MQwwCgYD

VQQLDANMQUIxDTALBgNVBAMMBHRlc3QxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRA

Zm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvHH

eXZJilTr4TbH/5O5jFxKQ5dILr/561JOJ5UZWtgs9VhXSuCzmrs6FX35vyc7NR+9

tCbMrl7qA68MxBMuu6phf2r77M9bsp3rOZE2nFR+lhjpWrXBk7/puFLBbI2yqh8d

7DB25m5pI0ClmbdJ5GGlc/1wHULQhFQSYCMSVjc34esvaLE8oAVFWHAZX14dbAbj

gC4CMbayzJZaYEfh/7suMwvdwS3sYjOwZYq6DFEF5ZPpKN+ji9J+8EmAvaZS2m3M

fFdPFf4eEAgsHmYasqxH7s4Ksc2zTm3cG5srRCqEsEddhoblI1JvmApoN2JiNiYJ

hYiEPyJdf2z+dADwXwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCbA8kKwVRPri/d

L8okLny6FygJ0auPbuRQCUGAWpfdKdXn6iyMlLuR066j82o2yrQ0ddgRcdaExT0I

RCoC2NqhzZvy8JJW2A+KTXutwdGGg8ckHQ5UVRtNo/lPZ6Quz8AsswzNk2Qx6OtF

FcTEBNxVTHKabQR46ChIa3sG032Wiuj6Y2Rv77mTmmDRZnrY8QGZd2zMm3riAqUf

IGil0/yg0AhA+ZBt5rer3X+GTknhDAPJ+yU2WS1c8pPj3A3DI0+xwTOq/sNCqTmc

xb7Q1VM/1kiOE9YaPasAJuQ7WHmnd8J0vHw1/e+whf/lsKxV0ClBNL/JdlyNAMvy

isnZYL58

-----END CERTIFICATE-----"

next

end

Related topics

system admin-certificate intermediate-ca

If the certificate you are applying for HTTPS access to FortiWeb's GUI management is signed by several intermediate CAs, you need to import all the intermediate CA certificates of the certificate chain. FortiWeb will then send the intermediate CA certificates together with the server certificate when administrators access FortiWeb's GUI via HTTPS.

Intermediate CAs must belong to a group in order to be selected in a certificate verification rule. For how to add the intermediate certificates in a group, seesystem admin-certificate intermediate-ca-group.

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see system accprofile

Syntax

config system admin-certificate intermediate-ca

edit "<certificate_name>"

set certificate "<certificate_str>"

next

end

Variable Description Default

"<certificate_name>"

Enter the name of a certificate file. The maximum length is 63 characters. No default.

certificate "<certificate_str>"

Set the certificate. Only certificates in PEM format may be set. No default.

Example

This example adds a certificate to Inter_Cert_1

config system certificate intermediate-certificate

edit "Inter_Cert_1"

set certificate "-----BEGIN CERTIFICATE-----

MIIDkjCCAnoCCQCbXq6VYR1CijANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC

SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMREwDwYD

VQQKDAhGb3J0aW5ldDEMMAoGA1UECwwDTEFCMQ0wCwYDVQQDDAR0ZXN0MSMwIQYJ

KoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xMjEyMDUxMDE1NTla

Fw0xNDEyMDUxMDE1NTlaMIGKMQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0

YWthMRIwEAYDVQQHDAlCYW5nYWxvcmUxETAPBgNVBAoMCEZvcnRpbmV0MQwwCgYD

VQQLDANMQUIxDTALBgNVBAMMBHRlc3QxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRA

Zm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvHH

eXZJilTr4TbH/5O5jFxKQ5dILr/561JOJ5UZWtgs9VhXSuCzmrs6FX35vyc7NR+9

tCbMrl7qA68MxBMuu6phf2r77M9bsp3rOZE2nFR+lhjpWrXBk7/puFLBbI2yqh8d

7DB25m5pI0ClmbdJ5GGlc/1wHULQhFQSYCMSVjc34esvaLE8oAVFWHAZX14dbAbj

gC4CMbayzJZaYEfh/7suMwvdwS3sYjOwZYq6DFEF5ZPpKN+ji9J+8EmAvaZS2m3M

fFdPFf4eEAgsHmYasqxH7s4Ksc2zTm3cG5srRCqEsEddhoblI1JvmApoN2JiNiYJ

hYiEPyJdf2z+dADwXwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCbA8kKwVRPri/d

L8okLny6FygJ0auPbuRQCUGAWpfdKdXn6iyMlLuR066j82o2yrQ0ddgRcdaExT0I

RCoC2NqhzZvy8JJW2A+KTXutwdGGg8ckHQ5UVRtNo/lPZ6Quz8AsswzNk2Qx6OtF

FcTEBNxVTHKabQR46ChIa3sG032Wiuj6Y2Rv77mTmmDRZnrY8QGZd2zMm3riAqUf

IGil0/yg0AhA+ZBt5rer3X+GTknhDAPJ+yU2WS1c8pPj3A3DI0+xwTOq/sNCqTmc

xb7Q1VM/1kiOE9YaPasAJuQ7WHmnd8J0vHw1/e+whf/lsKxV0ClBNL/JdlyNAMvy

isnZYL58

-----END CERTIFICATE-----"

next

end

Related topics