Fortinet black logo

Administration Guide

Home FortiSwitch 7.2.7 Administration Guide
7.2.7
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.9
7.0.8
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.11
6.4.6
6.4.5
6.4.3
6.4.2
6.4.0
6.2.5
6.2.2
6.2.1
6.2.0

Authorities

Authorities

FortiSwitch units come with many CA certificates from well-known certificate authorities pre-installed. Use the Certificate Authorities page to add private CA certificates to the FortiSwitch unit so that certificates signed by the private CA are trusted by the FortiSwitch unit.

In the CLI, you can import a CA certificate from a TFTP or SCEP server to the FortiSwitch unit or export a CA certificate from the FortiSwitch unit to a TFTP server. Before using either CLI command, you must obtain a CA certificate issued by a Certificate Authority.

Import a CA certificate using the GUI:

  1. Go to System > Certificate > Authorities.

  2. Click Import.

  3. In the Type dropdown list, select SCEP or Local PC.

  4. If you selected SCEP, enter the CA server URL and the CA identifier.

  5. If you selected Local PC, click Choose File and browse to your certificate file.

  6. Click Import.

Import a CA certificate using the CLI:

  • execute system certificate ca import auto <CA_certificate_server_URL> [ca_identifier]

  • execute system certificate ca import tftp <file_name_on_TFTP_server> <TFTP_server_IP_address>

For example:

execute system certificate ca import tftp cacert.cer 1.2.3.4

Export a CA certificate using the CLI:

execute system certificate ca export tftp <CA_certificate_name> <file_name_on_TFTP_server> <TFTP_server_IP_address>

For example:

execute system certificate ca export tftp cacertificate ca_cert.cer 1.2.3.4

Previous
Next

Authorities

FortiSwitch units come with many CA certificates from well-known certificate authorities pre-installed. Use the Certificate Authorities page to add private CA certificates to the FortiSwitch unit so that certificates signed by the private CA are trusted by the FortiSwitch unit.

In the CLI, you can import a CA certificate from a TFTP or SCEP server to the FortiSwitch unit or export a CA certificate from the FortiSwitch unit to a TFTP server. Before using either CLI command, you must obtain a CA certificate issued by a Certificate Authority.

Import a CA certificate using the GUI:

  1. Go to System > Certificate > Authorities.

  2. Click Import.

  3. In the Type dropdown list, select SCEP or Local PC.

  4. If you selected SCEP, enter the CA server URL and the CA identifier.

  5. If you selected Local PC, click Choose File and browse to your certificate file.

  6. Click Import.

Import a CA certificate using the CLI:

  • execute system certificate ca import auto <CA_certificate_server_URL> [ca_identifier]

  • execute system certificate ca import tftp <file_name_on_TFTP_server> <TFTP_server_IP_address>

For example:

execute system certificate ca import tftp cacert.cer 1.2.3.4

Export a CA certificate using the CLI:

execute system certificate ca export tftp <CA_certificate_name> <file_name_on_TFTP_server> <TFTP_server_IP_address>

For example:

execute system certificate ca export tftp cacertificate ca_cert.cer 1.2.3.4

Previous
Next