Fortinet black logo

CLI Reference

execute certificate local

execute certificate local

Use this command to import/export a certficate file or to generate/regenerate a CSR file. When you generate a CSR, you can create an RSA or ECDSA private key. This command will create ca configuration automatically. Please see details in config system certificate local.

Note: Importing a local certificate with pfx format is not supported, unless you have first used FortiADC to generate the CSR.

Syntax

execute certificate local import tftp <filename> <ip>

execute certificate local export tftp <cert> <filename> <ip>

execute certificate local generate <cert_name> <keytype> {<curve_name>|<keysize>} <subject> <country> <state> <city> <org> <unit> <email>

execute certificate local regenerate

<cert>

Local (FortiADC) certificate name.

<filename>

Name of the certificate file.

<ip>

IP address of the TFTP server.

Example

FortiADC-VM # execute certificate local import tftp fortiadc.crt 192.168.1.23

FortiADC-VM # execute certificate local export tftp Factory fortiadc.crt 192.168.1.23

#

Done.

FortiADC-VM # execute certificate local generate csr-test ECDSA secp521r1 example null ca sunnyvale fortinet fadc root

Generating a 512 bit ECDSA private key with curve name secp521r1 and message digest algorithm SHA-512

Generating X.509 certificate request

Done.

FortiADC-VM # execute certificate local regenerate

self certificate regenerated!

execute certificate local

execute certificate local

Use this command to import/export a certficate file or to generate/regenerate a CSR file. When you generate a CSR, you can create an RSA or ECDSA private key. This command will create ca configuration automatically. Please see details in config system certificate local.

Note: Importing a local certificate with pfx format is not supported, unless you have first used FortiADC to generate the CSR.

Syntax

execute certificate local import tftp <filename> <ip>

execute certificate local export tftp <cert> <filename> <ip>

execute certificate local generate <cert_name> <keytype> {<curve_name>|<keysize>} <subject> <country> <state> <city> <org> <unit> <email>

execute certificate local regenerate

<cert>

Local (FortiADC) certificate name.

<filename>

Name of the certificate file.

<ip>

IP address of the TFTP server.

Example

FortiADC-VM # execute certificate local import tftp fortiadc.crt 192.168.1.23

FortiADC-VM # execute certificate local export tftp Factory fortiadc.crt 192.168.1.23

#

Done.

FortiADC-VM # execute certificate local generate csr-test ECDSA secp521r1 example null ca sunnyvale fortinet fadc root

Generating a 512 bit ECDSA private key with curve name secp521r1 and message digest algorithm SHA-512

Generating X.509 certificate request

Done.

FortiADC-VM # execute certificate local regenerate

self certificate regenerated!