system certificate ocsp-stapling
Use this command to configure an OCSP server.
Once an OCSP server is configured, OCSP stapling is enabled. When OCSP stapling is enabled, FortiWeb periodically fetches the revocation status of the specified certificate from the OCSP server and caches the response for a period if the revocation status is contained in the response.
For more information on OCSP stapling, see the FortiWeb Administration Guide:
HTTP://docs.fortinet.com/fortiweb/admin-guides
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the admingrp
area. For details, see Permissions.
Syntax
config system certificate ocsp-stapling
edit "<ocsp_name>"
set certificate "<certificate_name>"
set local-cert "<certificate_name>"
set ocsp_url "<url>"
next
end
Variable | Description | Default |
Enter the name of an OCSP group. The maximum length is 63 characters. | No default | |
A CA certificate that has been imported in FortiWeb. | No default | |
The local certificate of the server certificate to be queried. |
No default |
|
Optionally, enter a comment for the OCSP group. | No default | |
Enter URL of the OCSP server corresponding to the specified CA certificate. | No default |