Fortinet white logo
Fortinet white logo

CLI Reference

vpn certificate local

Local keys and certificates.

  config vpn certificate local
      Description: Local keys and certificates.
      edit <name>
          set password {password}
          set comments {string}
          set private-key {user}
          set certificate {user}
          set csr {user}
          set state {user}
          set scep-url {string}
          set range [global|vdom]
          set source [factory|user|...]
          set auto-regenerate-days {integer}
          set auto-regenerate-days-warning {integer}
          set scep-password {password}
          set ca-identifier {string}
          set name-encoding [printable|utf8]
          set source-ip {ipv4-address}
          set ike-localid {string}
          set ike-localid-type [asn1dn|fqdn]
          set enroll-protocol [none|scep|...]
          set cmp-server {string}
          set cmp-path {string}
          set cmp-server-cert {string}
          set cmp-regeneration-method [keyupate|renewal]
      next
  end

config vpn certificate local

Parameter Name Description Type Size
password Password as a PEM file. password Not Specified
comments Comment. string Maximum length: 511
private-key PEM format key, encrypted with a password. user Not Specified
certificate PEM format certificate. user Not Specified
csr Certificate Signing Request. user Not Specified
state Certificate Signing Request State. user Not Specified
scep-url SCEP server URL. string Maximum length: 255
range Either a global or VDOM IP address range for the certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source Certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
auto-regenerate-days Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
auto-regenerate-days-warning Number of days to wait before an expiry warning message is generated (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
scep-password SCEP server challenge password for auto-regeneration. password Not Specified
ca-identifier CA identifier of the CA server for signing via SCEP. string Maximum length: 255
name-encoding Name encoding method for auto-regeneration.
printable: Printable encoding (default).
utf8: UTF-8 encoding.
option -
source-ip Source IP address for communications to the SCEP server. ipv4-address Not Specified
ike-localid Local ID the FortiGate uses for authentication as a VPN client. string Maximum length: 63
ike-localid-type IKE local ID type.
asn1dn: ASN.1 distinguished name.
fqdn: Fully qualified domain name.
option -
enroll-protocol Certificate enrollment protocol.
none: None (default).
scep: Simple Certificate Enrollment Protocol.
cmpv2: Certificate Management Protocol Version 2.
option -
cmp-server 'ADDRESS:PORT' for CMP server. string Maximum length: 63
cmp-path Path location inside CMP server. string Maximum length: 255
cmp-server-cert CMP server certificate. string Maximum length: 79
cmp-regeneration-method CMP auto-regeneration method.
keyupate: Key Update.
renewal: Renewal.
option -

vpn certificate local

Local keys and certificates.

  config vpn certificate local
      Description: Local keys and certificates.
      edit <name>
          set password {password}
          set comments {string}
          set private-key {user}
          set certificate {user}
          set csr {user}
          set state {user}
          set scep-url {string}
          set range [global|vdom]
          set source [factory|user|...]
          set auto-regenerate-days {integer}
          set auto-regenerate-days-warning {integer}
          set scep-password {password}
          set ca-identifier {string}
          set name-encoding [printable|utf8]
          set source-ip {ipv4-address}
          set ike-localid {string}
          set ike-localid-type [asn1dn|fqdn]
          set enroll-protocol [none|scep|...]
          set cmp-server {string}
          set cmp-path {string}
          set cmp-server-cert {string}
          set cmp-regeneration-method [keyupate|renewal]
      next
  end

config vpn certificate local

Parameter Name Description Type Size
password Password as a PEM file. password Not Specified
comments Comment. string Maximum length: 511
private-key PEM format key, encrypted with a password. user Not Specified
certificate PEM format certificate. user Not Specified
csr Certificate Signing Request. user Not Specified
state Certificate Signing Request State. user Not Specified
scep-url SCEP server URL. string Maximum length: 255
range Either a global or VDOM IP address range for the certificate.
global: Global range.
vdom: VDOM IP address range.
option -
source Certificate source type.
factory: Factory installed certificate.
user: User generated certificate.
bundle: Bundle file certificate.
option -
auto-regenerate-days Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
auto-regenerate-days-warning Number of days to wait before an expiry warning message is generated (0 = disabled). integer Minimum value: 0 Maximum value: 4294967295
scep-password SCEP server challenge password for auto-regeneration. password Not Specified
ca-identifier CA identifier of the CA server for signing via SCEP. string Maximum length: 255
name-encoding Name encoding method for auto-regeneration.
printable: Printable encoding (default).
utf8: UTF-8 encoding.
option -
source-ip Source IP address for communications to the SCEP server. ipv4-address Not Specified
ike-localid Local ID the FortiGate uses for authentication as a VPN client. string Maximum length: 63
ike-localid-type IKE local ID type.
asn1dn: ASN.1 distinguished name.
fqdn: Fully qualified domain name.
option -
enroll-protocol Certificate enrollment protocol.
none: None (default).
scep: Simple Certificate Enrollment Protocol.
cmpv2: Certificate Management Protocol Version 2.
option -
cmp-server 'ADDRESS:PORT' for CMP server. string Maximum length: 63
cmp-path Path location inside CMP server. string Maximum length: 255
cmp-server-cert CMP server certificate. string Maximum length: 79
cmp-regeneration-method CMP auto-regeneration method.
keyupate: Key Update.
renewal: Renewal.
option -