system certificate eab-credentials

Use this command to configure External Account Binding (EAB) credentials for ACME certificate providers. Commercial Certificate Authorities (CAs) typically require these credentials to link FortiWeb's ACME client to a specific paid subscription or enterprise account.

Before configuring an ACME certificate using a third-party provider, you must define these credentials. RFC 8555 requires that every ACME account be bound to a unique private key; FortiWeb enforces this by requiring a unique eab-account-key for each entry.

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config system certificate eab-credentials

edit "<eab_account_name>"

set acme-eab-kid <string>

set acme-eab-hmac-key <string>

set eab-account-key <userdef>

set comment <string>

next

end

Variable	Description	Default
"<eab_account_name>"	Enter a unique name to identify this set of EAB credentials. This name is referenced when configuring an ACME certificate with the acme-service set to other.	No default.
acme-eab-kid <string>	Enter the Key Identifier (KID) provided by your Certificate Authority. This is a public string that identifies your specific account at the CA.	No default.
acme-eab-hmac-key <string>	Enter the Hash-based Message Authentication Code (HMAC) key provided by your CA. This key must be in the base64url-encoded format.	No default.
eab-account-key <userdef>	Upload or paste the account private key in PEM format. This key must be unique for every EAB account entry. It is used to cryptographically sign the account registration request sent to the ACME server.	No default.
comment <string>	Enter a description or comment to help identify these credentials.	No default.

Related topics

• system certificate letsencrypt