Fortinet black logo

Administration Guide

Certificate revocation lists

Certificate revocation lists

When you apply for a signed personal or group certificate to install on remote clients, you can obtain the corresponding root certificate and Certificate Revocation List (CRL) from the issuing CA.

The CRL is a list of certificates that have been revoked and are no longer usable. This list includes expired, stolen, or otherwise compromised certificates. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.

When you receive the signed personal or group certificate, install the signed certificate on the remote client(s) according to the browser documentation. Install the corresponding root certificate (and CRL) from the issuing CA on the FortiAnalyzer unit according to the procedures given below.

Importing a CRL

To import a CRL:
  1. Go to System Settings > Certificates > CRL.
  2. Click Import in the toolbar, or right-click and select Import. The Import dialog box opens.
  3. Click Browse... and locate the CRL file on the management computer, or drag and drop the file onto the dialog box.
  4. Click OK to import the CRL.

Viewing a CRL

To view a CRL:
  1. Go to System Settings > Certificates > CRL.
  2. Select the CRL you need to see details about.
  3. Click View Certificate Detail in the toolbar, or right-click and select View Certificate Detail. The Result page opens.
  4. Click OK to return to the CRL list.

Deleting a CRL

To delete a CRL or CRLs:
  1. Go to System Settings > Certificates > CRL.
  2. Select the CRL or CRLs you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation dialog box to delete the selected CRL or CRLs.

Certificate revocation lists

When you apply for a signed personal or group certificate to install on remote clients, you can obtain the corresponding root certificate and Certificate Revocation List (CRL) from the issuing CA.

The CRL is a list of certificates that have been revoked and are no longer usable. This list includes expired, stolen, or otherwise compromised certificates. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.

When you receive the signed personal or group certificate, install the signed certificate on the remote client(s) according to the browser documentation. Install the corresponding root certificate (and CRL) from the issuing CA on the FortiAnalyzer unit according to the procedures given below.

Importing a CRL

To import a CRL:
  1. Go to System Settings > Certificates > CRL.
  2. Click Import in the toolbar, or right-click and select Import. The Import dialog box opens.
  3. Click Browse... and locate the CRL file on the management computer, or drag and drop the file onto the dialog box.
  4. Click OK to import the CRL.

Viewing a CRL

To view a CRL:
  1. Go to System Settings > Certificates > CRL.
  2. Select the CRL you need to see details about.
  3. Click View Certificate Detail in the toolbar, or right-click and select View Certificate Detail. The Result page opens.
  4. Click OK to return to the CRL list.

Deleting a CRL

To delete a CRL or CRLs:
  1. Go to System Settings > Certificates > CRL.
  2. Select the CRL or CRLs you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation dialog box to delete the selected CRL or CRLs.