Fortinet black logo

CLI Reference

system certificate remote

system certificate ocsp-stapling

Use this command to configure an OCSP server.

Once an OCSP server is configured, OCSP stapling is enabled. When OCSP stapling is enabled, FortiWeb periodically fetches the revocation status of the specified certificate from the OCSP server and caches the response for a period if the revocation status is contained in the response.

For more information on OCSP stapling, see the FortiWeb Administration Guide:

HTTP://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate ocsp-stapling

edit "<ocsp_name>"

set certificate "<certificate_name>"

set local-cert "<certificate_name>"

set comment "<comment_str>"

set ocsp_url "<url>"

next

end

Variable Description Default

"<ocsp_name>"

Enter the name of an OCSP group. The maximum length is 63 characters. No default

certificate "<certificate_name>"

A CA certificate that has been imported in FortiWeb. No default

local-cert "<certificate_name>"

The local certificate of the server certificate to be queried.

No default

comment "<comment_str>"

Optionally, enter a comment for the OCSP group. No default

ocsp_url "<url>"

Enter URL of the OCSP server corresponding to the specified CA certificate. No default

Related topics

system certificate remote

system certificate ocsp-stapling

Use this command to configure an OCSP server.

Once an OCSP server is configured, OCSP stapling is enabled. When OCSP stapling is enabled, FortiWeb periodically fetches the revocation status of the specified certificate from the OCSP server and caches the response for a period if the revocation status is contained in the response.

For more information on OCSP stapling, see the FortiWeb Administration Guide:

HTTP://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate ocsp-stapling

edit "<ocsp_name>"

set certificate "<certificate_name>"

set local-cert "<certificate_name>"

set comment "<comment_str>"

set ocsp_url "<url>"

next

end

Variable Description Default

"<ocsp_name>"

Enter the name of an OCSP group. The maximum length is 63 characters. No default

certificate "<certificate_name>"

A CA certificate that has been imported in FortiWeb. No default

local-cert "<certificate_name>"

The local certificate of the server certificate to be queried.

No default

comment "<comment_str>"

Optionally, enter a comment for the OCSP group. No default

ocsp_url "<url>"

Enter URL of the OCSP server corresponding to the specified CA certificate. No default

Related topics