vpn certificate crl
Use this command to get a CRL via LDAP, HTTP, or SCEP protocol, depending on the auto-update configuration.
In order to use the command execute vpn certificate crl, the authentication servers must already be configured.
Digital certificates are used to ensure that both participants in an IPsec communications session are trustworthy before an encrypted VPN tunnel is set up between them. The CA certificate is the certificate that the FortiGate unit uses to authenticate itself to other devices.
 
VPN peers must use digital certificates that adhere to the X.509 standard.
Digital certificates are not required for configuring FortiGate VPNs. Digital certificates are an advanced feature provided for the convenience of system administrators. This manual assumes the user has prior knowledge of how to configure digital certificates for their implementation.
Syntax
execute vpn certificate crl import auto <crl-name>
Variable      Description
import        Import the CRL from the configured LDAP, HTTP, or SCEP authentication server to the FortiGate unit.
<crl-name>    Enter the name of the CRL.
auto          Trigger an auto-update of the CRL from the configured LDAP, HTTP, or SCEP authentication server.