As an administrator, you can allow FortiAuthenticator to either automatically sign the user’s certificate or alert you about the request for a signature.
To enable SCEP and configure general settings:
- Go to Certificate Management > SCEP > General, and select Enable SCEP.
- Configure the following settings:
|Revoke the old certificate on renewal
|Enable to revoke the old certificate after it is renewed.
|Select the default local CA to use from the dropdown menu.
|Default enrollment password
|Enter the default enrollment password that is used when not setting a random password.
Select the enrollment method:
- Automatic: The certificate is pre-approved by the administrator. The administrator enters the certificate information on FortiAuthenticator and gives the user a challenger password to use when submitting their request.
- Manual and Automatic: The user submits the CSR, the request shows up as pending on FortiAuthenticator unit, then the administrator manually approves the pending request. Optionally, enter an email address to be informed of pending approval notifications.
- Select OK to apply any changes you have made.