system certificate remote
Use this command to configure an OCSP server.
Once an OCSP server is configured, OCSP stapling may be enabled. When OCSP stapling is enabled, FortiWeb periodically fetches the revocation status of the specified certificate from the OCSP server and caches the response for a period if the revocation status is contained in the response.
For more information on OCSP stapling, see the FortiWeb Administration Guide:
http://docs.fortinet.com/fortiweb/admin-guides
To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.
Syntax
config system certificate remote
edit "<ocsp_name>"
set certificate "<certificate_name>"
set ocsp_url "<url>"
next
end
Variable | Description | Default |
"<ocsp_name>" | Enter the name of an OCSP group. The maximum length is 63 characters. This group can be used if OCSP stapling is enabled in a server policy. | No default |
certificate "<certificate_name>" | A CA certificate that has been imported in FortiWeb. | No default |
comment | Optionally, enter a comment for the OCSP group. | No default |
ocsp_url "<url>" | Enter the URL of the OCSP server corresponding to the specified CA certificate. | No default |
Example
This example creates an OCSP group for the CA certificate CA_Cert_1.
config system certificate remote
edit ocsp_ca_cert_1
set certificate "CA_Cert_1"
set comment "OCSP for CA_Cert_1"
set ocsp_url "http://ocsp.example.com"
next
end
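To check from a client that a server policy using this OCSP group is actually stapling, the output of `openssl s_client -status` can be classified as below. This is an added example, not part of the FortiWeb documentation; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the OCSP section of `openssl s_client -status` output (read on stdin).
# Prints one word:
#   good / revoked / unknown  Cert Status carried in the stapled response
#   none                      handshake completed, server stapled nothing
#   error                     no usable OCSP information (failed connection,
#                             or a stapled response that is not "successful")
staple_status() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/           { seen = 1; if ($0 ~ /successful/) ok = 1 }
        /Cert Status:/ && status == ""    { status = $3 }
        END {
            if (seen && ok && (status == "good" || status == "revoked" || status == "unknown"))
                print status
            else if (!seen && none)
                print "none"
            else
                print "error"
        }'
}

# Print the Next Update time of the stapled response, i.e. how long the
# cached response remains valid before a fresh one must have been fetched.
staple_next_update() {
    sed -n 's/^ *Next Update: //p' | head -n 1
}

# Constructed sample: excerpt of s_client output when a staple is present.
sample_stapled() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT
EOF
}

# Constructed sample: what s_client prints when stapling is not in effect.
sample_unstapled() { printf 'CONNECTED(00000003)\nOCSP response: no response sent\n'; }

# Live use (host is a placeholder for the protected site's name):
#   openssl s_client -connect "$host:443" -servername "$host" -status \
#       </dev/null 2>/dev/null | staple_status
sample_stapled | staple_status
```

A result of `none` after enabling stapling usually means the OCSP URL is unreachable from the appliance or no response has been cached yet.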