Fortinet black logo

CLI Reference

system admin-certificate local

system admin-certificate local

The FortiWeb appliance presents its own HTTPS server certificate for secure connections (HTTPS) to its Web UI. By default, A Fortinet factory certificate is used as the certificate, which is named defaultcert in FortiWeb. You can also import other certifications to FortiWeb and replace the defaultcert with any of them for secure Web UI connections.

Use this command to edit the comment associated with the these FortiWeb's administration certificates that are stored locally on the FortiWeb appliance.

To replace the certificate that FortiWeb uses for the secure accesses to its Web UI, see .

For information on how to upload a certificate file to change FortiWeb's default certificate, see the FortiWeb Administration Guide:

HTTP://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system admin-certificate local

edit "<certificate_name>"

set comment "<comment_str>"

set certificate "<certificate_str>"

set passwd "<passwd_str>"

set private-key "<private-key_str>"

set flag 0

set status ok

set type certificate

next

end

Variable Description Default

"<certificate_name>"

Enter the name of a certificate file. The maximum length is 63 characters. No default.

comment "<comment_str>"

Enter a description or other comment. If the comment contains more than one word or contains an apostrophe, surround the comment in double quotes ( " ). The maximum length is 127 characters. No default.

certificate "<certificate_str>"

Enter the sequence number of the certificate file. No default.

passwd "<passwd_str>"

When exporting the private key file from certificate factories, you can choose to enter a password to encrypt the file. Thus when you import the file into FortiWeb, you shall enter this password. This is optional. No default.

private-key "<private-key_str>"

Enter the sequence number of the key file. No default.

flag 0

Indicate if a password was saved. This is used by FortiWeb for backwards compatibility. 0

status ok

Indicates the status of an imported certificate:

  • na—Indicates that the certificate was successfully imported, and is currently selected for use by the FortiWeb appliance.
  • ok—Indicates that the certificate was successfully imported but is not selected as the certificate currently in use. To use the certificate, see .
  • pending—Indicates that the certificate request was generated, but must be downloaded, signed, and imported before it can be used as a local certificate.
ok

type certificate

Indicates whether the file is a certificate or a certificate signing request (CSR). certificate

Example

This example adds a comment to the certificate named certificate1.

config system admin-certificate local

edit "certificate1"

set comment "This is a certificate that FortiWeb uses for secure Web UI connections."

next

end

system admin-certificate local

The FortiWeb appliance presents its own HTTPS server certificate for secure connections (HTTPS) to its Web UI. By default, A Fortinet factory certificate is used as the certificate, which is named defaultcert in FortiWeb. You can also import other certifications to FortiWeb and replace the defaultcert with any of them for secure Web UI connections.

Use this command to edit the comment associated with the these FortiWeb's administration certificates that are stored locally on the FortiWeb appliance.

To replace the certificate that FortiWeb uses for the secure accesses to its Web UI, see .

For information on how to upload a certificate file to change FortiWeb's default certificate, see the FortiWeb Administration Guide:

HTTP://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system admin-certificate local

edit "<certificate_name>"

set comment "<comment_str>"

set certificate "<certificate_str>"

set passwd "<passwd_str>"

set private-key "<private-key_str>"

set flag 0

set status ok

set type certificate

next

end

Variable Description Default

"<certificate_name>"

Enter the name of a certificate file. The maximum length is 63 characters. No default.

comment "<comment_str>"

Enter a description or other comment. If the comment contains more than one word or contains an apostrophe, surround the comment in double quotes ( " ). The maximum length is 127 characters. No default.

certificate "<certificate_str>"

Enter the sequence number of the certificate file. No default.

passwd "<passwd_str>"

When exporting the private key file from certificate factories, you can choose to enter a password to encrypt the file. Thus when you import the file into FortiWeb, you shall enter this password. This is optional. No default.

private-key "<private-key_str>"

Enter the sequence number of the key file. No default.

flag 0

Indicate if a password was saved. This is used by FortiWeb for backwards compatibility. 0

status ok

Indicates the status of an imported certificate:

  • na—Indicates that the certificate was successfully imported, and is currently selected for use by the FortiWeb appliance.
  • ok—Indicates that the certificate was successfully imported but is not selected as the certificate currently in use. To use the certificate, see .
  • pending—Indicates that the certificate request was generated, but must be downloaded, signed, and imported before it can be used as a local certificate.
ok

type certificate

Indicates whether the file is a certificate or a certificate signing request (CSR). certificate

Example

This example adds a comment to the certificate named certificate1.

config system admin-certificate local

edit "certificate1"

set comment "This is a certificate that FortiWeb uses for secure Web UI connections."

next

end