Default certificate authority

Default certificate authorities (CA) can be configured and, by default, web-proxy and ssl-ssh-profile use the default CAs:

config firewall ssl default-certificate
    set default-ca "Fortinet_CA_SSL"
    set default-untrusted-ca "Fortinet_CA_Untrusted"
    set default-server-cert "Fortinet_Factory"
end

config web-proxy global
    set ssl-cert "default-server-cert"
    set ssl-ca-cert "default-ca"
end

confir firewall ssl-ssh-profile
    edit 1
        set caname "default-ca"
        set untrusted-caname "default-untrusted-ca"
    next
end

The CA can be changed by either changing the default, or by setting a specific default for the web-proxy or ssl-ssh-profile. For example, to change the web-proxy CAs, but not the defaults:

config web-proxy global
    set ssl-cert "Personal_Server_CA"
    set ssl-ca-cert "Personal_CA"
end

Default certificate authority

Default certificate authorities (CA) can be configured and, by default, web-proxy and ssl-ssh-profile use the default CAs:

config firewall ssl default-certificate set default-ca "Fortinet_CA_SSL" set default-untrusted-ca "Fortinet_CA_Untrusted" set default-server-cert "Fortinet_Factory" end

config web-proxy global set ssl-cert "default-server-cert" set ssl-ca-cert "default-ca" end

confir firewall ssl-ssh-profile edit 1 set caname "default-ca" set untrusted-caname "default-untrusted-ca" next end

The CA can be changed by either changing the default, or by setting a specific default for the web-proxy or ssl-ssh-profile. For example, to change the web-proxy CAs, but not the defaults:

config web-proxy global set ssl-cert "Personal_Server_CA" set ssl-ca-cert "Personal_CA" end

Administration Guide

Default certificate authority

Default certificate authority

Default certificate authority