Fortinet white logo
Fortinet white logo

CLI Reference

config vpn certificate ca

config vpn certificate ca

CA certificate.

config vpn certificate ca

Description: CA certificate.

edit <name>

set ca {user}

set range [global|vdom]

set source [factory|user|...]

set ssl-inspection-trusted [enable|disable]

set scep-url {string}

set auto-update-days {integer}

set auto-update-days-warning {integer}

set source-ip {ipv4-address}

next

end

config vpn certificate ca

Parameter

Description

Type

Size

Default

ca

CA certificate as a PEM file.

user

Not Specified

range

Either global or VDOM IP address range for the CA certificate.

option

-

vdom

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

CA certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.

scep-url

URL of the SCEP server.

string

Maximum length: 255

auto-update-days

Number of days to wait before requesting an updated CA certificate .

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated .

integer

Minimum value: 0 Maximum value: 4294967295

0

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0

config vpn certificate ca

config vpn certificate ca

CA certificate.

config vpn certificate ca

Description: CA certificate.

edit <name>

set ca {user}

set range [global|vdom]

set source [factory|user|...]

set ssl-inspection-trusted [enable|disable]

set scep-url {string}

set auto-update-days {integer}

set auto-update-days-warning {integer}

set source-ip {ipv4-address}

next

end

config vpn certificate ca

Parameter

Description

Type

Size

Default

ca

CA certificate as a PEM file.

user

Not Specified

range

Either global or VDOM IP address range for the CA certificate.

option

-

vdom

Option

Description

global

Global range.

vdom

VDOM IP address range.

source

CA certificate source type.

option

-

user

Option

Description

factory

Factory installed certificate.

user

User generated certificate.

bundle

Bundle file certificate.

ssl-inspection-trusted

Enable/disable this CA as a trusted CA for SSL inspection.

option

-

enable

Option

Description

enable

Trusted CA for SSL inspection.

disable

Untrusted CA for SSL inspection.

scep-url

URL of the SCEP server.

string

Maximum length: 255

auto-update-days

Number of days to wait before requesting an updated CA certificate .

integer

Minimum value: 0 Maximum value: 4294967295

0

auto-update-days-warning

Number of days before an expiry-warning message is generated .

integer

Minimum value: 0 Maximum value: 4294967295

0

source-ip

Source IP address for communications to the SCEP server.

ipv4-address

Not Specified

0.0.0.0