system certificate verify
Use this command to configure how the FortiWeb appliance will verify certificates presented by HTTP clients.
To apply a certificate verification rule, select it in a policy. For details, see server-policy policy.
To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.
Syntax
config system certificate verify
  edit "<certificate_verificator_name>"
    set publish-dn {enable | disable}
    set strictly-need-cert {enable | disable}
    set partial-chain {enable | disable}
  next
end
Variable | Description | Default |
"<certificate_verificator_name>" | Enter the name of a certificate verifier. The maximum length is 63 characters. | No default. |
Enter the name of an existing CA Group that you want to use to authenticate client certificates. | No default. | |
Enter the name of an existing CRL Group, if any, to use to verify the revocation status of client certificates. | No default. | |
publish-dn {enable | disable} | Enable to list only certificates related to the specified CA Group. This is beneficial when a client installs many certificates in its browser or when apps don't list client certificates. If you enable this option, also enable the option in a CA Group. For details, see system certificate ca-group. | disable |
strictly-need-cert {enable | disable} | Enable to strictly require verifying the client certificate. | enable |
partial-chain {enable | disable} | Enable to do partial certificate chain validation. External clients can be validated by the Intermediate CA only. When this option is enabled, you also need to enable | disable |
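
An added example, not Fortinet's code: a Python check that reads saved configuration text, extracts the config system certificate verify section in the syntax shown above, and reports verifiers where strictly-need-cert is disabled or partial-chain is enabled. It assumes an option missing from the saved text is at the default listed in the table; the sample configuration and the names parse_verifiers and audit are constructed for illustration.

```python
import re

# Defaults from the table on this page. Assumption: an option absent from saved text is at its default.
DEFAULTS = {"publish-dn": "disable", "strictly-need-cert": "enable", "partial-chain": "disable"}

# Constructed sample, not output from a real appliance. The second section is
# a made-up placeholder that shows other sections are ignored.
SAMPLE_CONFIG = '''\
config system certificate verify
  edit "mtls-strict"
    set publish-dn enable
  next
  edit "mtls-lenient"
    set strictly-need-cert disable
    set partial-chain enable
  next
end
config example placeholder-section
  edit "unrelated"
    set strictly-need-cert disable
end
'''

def parse_verifiers(text):
    """Return {verifier_name: {option: value}} for the verify section only."""
    verifiers, in_section, current = {}, False, None
    for line in map(str.strip, text.splitlines()):
        if line == "config system certificate verify":
            in_section = True
        elif not in_section:
            continue
        elif line == "end":
            in_section = False
        elif m := re.fullmatch(r'edit\s+"?([^"]+)"?', line):
            current = verifiers.setdefault(m.group(1), dict(DEFAULTS))
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set\s+(\S+)\s+(\S+)", line)):
            if m.group(1) in DEFAULTS:
                current[m.group(1)] = m.group(2)
    return verifiers

def audit(text):
    """List (verifier, option, reason) where client-certificate checks are relaxed."""
    findings = []
    for name, opts in parse_verifiers(text).items():
        if opts["strictly-need-cert"] != "enable":
            findings.append((name, "strictly-need-cert", "client certificate not strictly required"))
        if opts["partial-chain"] == "enable":
            findings.append((name, "partial-chain", "chain validated by the intermediate CA only"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns two findings, both for the constructed verifier "mtls-lenient".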