CLI Reference

certificate

Use these commands to manage certificates.

certificate ca

Use these commands to list CA certificates, and to import or export CA certificates.

Syntax

To list the CA certificates installed on the FortiManager unit:

execute certificate ca list

To export or import CA certificates:

execute certificate ca {<export>|<import>} <cert_name> <tftp_ip>

| Variable | Description |
|---|---|
| list | Generate a list of CA certificates on the FortiManager system. |
| <export> | Export CA certificate to TFTP server. |
| <import> | Import CA certificate from a TFTP server. |
| <cert_name> | Name of the certificate. |
| <tftp_ip> | IP address of the TFTP server. |

certificate local

Use these commands to list local certificates, and to import or export local certificates. To generate a certificate request, see “certificate local generate”.

Syntax

To list the local certificates installed on the FortiManager unit:

execute certificate local list

To export or import local certificates:

execute certificate local {<export>|<import>} <cert_name> <tftp_ip>

| Variable | Description |
|---|---|
| list | Generate a list of local certificates on the FortiManager system. |
| <export> | Export local certificate to TFTP server. |
| <import> | Import local certificate from a TFTP server. |
| <cert_name> | Name of the certificate. |
| <tftp_ip> | IP address of the TFTP server. |

certificate local generate

Use this command to generate a certificate request.

Syntax

execute certificate local generate <certificate-name_str> <subject> <number> [<optional_information>]

| Variable | Description |
|---|---|
| <certificate-name_str> | Enter a name for the certificate. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed. |
| <number> | Enter 512, 1024, 1536, or 2048 for the size, in bits, of the encryption key. |
| <subject> | Enter one of the following pieces of information to identify the FortiManager unit being certified: the FortiManager unit IP address, the fully qualified domain name of the FortiManager unit, or an email address that identifies the FortiManager unit. An IP address or domain name is preferable to an email address. |
| [<optional_information>] | Enter optional_information as required to further identify the unit. |

See the table below for the list of optional information variables. You must enter the optional variables in the order that they are listed in the table.

To enter any optional variable, you must enter all of the variables that come before it in the list.

For example, to enter the organization_name_str, you must first enter the country_code_str, state_name_str, and city_name_str.

While entering optional variables, you can type ? for help on the next required variable.

Optional information variables

| Variable | Description |
|---|---|
| <country_code_str> | Enter the two-character country code. |
| <state_name_str> | Enter the name of the state or province where the FortiManager unit is located. |
| <city_name_str> | Enter the name of the city, or town, where the person or organization certifying the FortiManager unit resides. |
| <organization-name_str> | Enter the name of the organization that is requesting the certificate for the FortiManager unit. |
| <organization-unit_name_str> | Enter a name that identifies the department or unit within the organization that is requesting the certificate for the FortiManager unit. |
| <email_address_str> | Enter a contact email address for the FortiManager unit. |
| <ca_server_url> | Enter the URL of the CA (SCEP) certificate server that allows auto-signing of the request. |
| <challenge_password> | Enter the challenge password for the SCEP certificate server. |
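
The argument rules for certificate local generate (name character set, accepted key sizes, subject type, and entering optional variables in table order with none skipped) can be checked before a command line is sent to the unit. The following Python is an added example, not Fortinet code; the function names, the min_bits policy default of 2048 (the CLI itself accepts all four sizes) and the double-quoting of values that contain spaces are assumptions.

```python
import ipaddress
import re

# Order and names as listed in the "Optional information variables" table.
OPTIONAL_ORDER = [
    "country_code_str", "state_name_str", "city_name_str",
    "organization-name_str", "organization-unit_name_str",
    "email_address_str", "ca_server_url", "challenge_password",
]
KEY_SIZES = (512, 1024, 1536, 2048)      # sizes the command accepts
NAME_RE = re.compile(r"[0-9A-Za-z_-]+")  # characters allowed in the name

def subject_kind(subject):
    """Classify the subject as 'ip', 'email' or 'fqdn', else raise ValueError."""
    try:
        ipaddress.ip_address(subject)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", subject):
        return "email"
    if re.fullmatch(r"([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}", subject):
        return "fqdn"
    raise ValueError(f"subject is not an IP address, FQDN or email: {subject!r}")

def quote(value):
    # Assumption: the CLI accepts double-quoted values that contain spaces.
    if re.search(r'["\r\n]', value):
        raise ValueError(f"unsafe character in {value!r}")
    return f'"{value}"' if " " in value else value

def build_generate_command(name, subject, bits, optional=None, min_bits=2048):
    """Return the CLI line, or raise ValueError if a rule from the page is broken."""
    optional = optional or {}
    if not NAME_RE.fullmatch(name):
        raise ValueError("name may contain only 0-9, A-Z, a-z, - and _")
    if bits not in KEY_SIZES or bits < min_bits:
        raise ValueError(f"key size {bits} not accepted (local minimum {min_bits})")
    subject_kind(subject)
    if set(optional) - set(OPTIONAL_ORDER):
        raise ValueError("unknown optional variable")
    # Optional variables must form an unbroken prefix of the table order.
    count = len(optional)
    missing = [f for f in OPTIONAL_ORDER[:count] if f not in optional]
    if missing:
        raise ValueError(f"{missing[0]} must be entered before later variables")
    args = [name, subject, str(bits)] + [optional[f] for f in OPTIONAL_ORDER[:count]]
    return "execute certificate local generate " + " ".join(quote(a) for a in args)
```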
