system certificate local
Use this command to edit the comment associated with a server certificate that is stored locally on the FortiWeb appliance.
FortiWeb appliances must present these certificates when clients request secure connections, including when:
administrators connect to the web UI (HTTPS connections only)
web clients use SSL or TLS to connect to a virtual server, if you have enabled SSL off-loading in the policy (HTTPS connections and reverse proxy mode)
web clients use SSL or TLS to connect to a physical server (HTTPS connections and true transparent mode)
FortiWeb appliances also require certificates in order to decrypt and scan HTTPS connections travelling through them if operating in offline protection or transparent inspection modes.
Which certificate will be used, and how, depends on the purpose.
For connections to the web UI, the FortiWeb appliance presents its default certificate.
 
The FortiWeb appliance’s default certificate does not appear in the list of local certificates. It is used only for connections to the web UI and cannot be removed.
For SSL off-loading or SSL decryption, upload certificates that do not belong to the FortiWeb appliance, but instead belong to the protected hosts. Then, select which one the FortiWeb appliance will use when configuring the SSL option in a policy or server farm.
For information on how to upload a certificate file, see the FortiWeb Administration Guide.
To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For more information, see “Permissions”.
Syntax
config system certificate local
  edit <certificate_name>
    set comment "<comment_str>"
    set status {na | ok | pending}
    set type {certificate | csr}
    set flag {0 | 1}
  next
end
Variable: <certificate_name>
Description: Type the name of a certificate file. The maximum length is 35 characters.
Default: No default.

Variable: comment "<comment_str>"
Description: Type a description or other comment. If the comment contains more than one word or contains an apostrophe, surround the comment in double quotes ( " ). The maximum length is 127 characters.
Default: No default.

Variable: status {na | ok | pending}
Description: Indicates the status of an imported certificate:
  na indicates that the certificate was successfully imported, and is currently selected for use by the FortiWeb appliance.
  ok indicates that the certificate was successfully imported but is not selected as the certificate currently in use. To use the certificate, select it in a policy or server farm.
  pending indicates that the certificate request was generated, but must be downloaded, signed, and imported before it can be used as a local certificate.
Default: No default.

Variable: type {certificate | csr}
Description: Indicates whether the file is a certificate or a certificate signing request (CSR).
Default: No default.

Variable: flag {0 | 1}
Description: Indicates if a password was saved. This is used by FortiWeb for backwards compatibility.
Default: No default.
Example
This example adds a comment to the certificate named certificate1.
config system certificate local
  edit certificate1
    set comment "This is a certificate for the host www.example.com."
  next
end
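The following Python script is an added example, not part of the FortiWeb documentation: it parses text written in the syntax above and reports entries that exceed the documented length limits, use a value outside the documented choices, or are still pending. It assumes the input follows exactly the syntax shown on this page; the function names and the sample entries other than certificate1 are constructed for illustration.

```python
import shlex

MAX_NAME, MAX_COMMENT = 35, 127  # maximum lengths documented above
ENUMS = {"status": {"na", "ok", "pending"}, "type": {"certificate", "csr"},
         "flag": {"0", "1"}}  # allowed values from the syntax above

# Constructed sample; only certificate1 and its comment come from the page.
SAMPLE = '''\
config system certificate local
  edit certificate1
    set comment "This is a certificate for the host www.example.com."
  next
  edit new-site-request
    set status pending
  next
  edit legacy
    set comment "Admin's old cert"
    set status expired
  next
end
'''

def parse_local_certs(text):
    """Return {certificate_name: {setting: value}} from the documented block."""
    certs, in_block, current = {}, False, None
    for line in map(str.strip, text.splitlines()):
        if line == "config system certificate local":
            in_block = True
        elif in_block and line:
            tok = shlex.split(line)  # handles double-quoted comments
            if tok[0] == "edit" and len(tok) == 2:
                current = certs.setdefault(tok[1], {})
            elif tok[0] == "set" and len(tok) == 3 and current is not None:
                current[tok[1]] = tok[2]
            elif tok[0] in ("next", "end"):
                current, in_block = None, tok[0] == "next"
    return certs

def audit(certs):
    """Return sorted (name, finding) pairs for entries that need attention."""
    out = []
    for name, cfg in certs.items():
        fields = (("name", name, MAX_NAME), ("comment", cfg.get("comment", ""), MAX_COMMENT))
        out += [(name, f"{f} exceeds {n} characters") for f, v, n in fields if len(v) > n]
        out += [(name, f"invalid {k}: {cfg[k]}") for k, ok in ENUMS.items()
                if k in cfg and cfg[k] not in ok]
        if cfg.get("status") == "pending":
            out.append((name, "pending CSR: sign and import before use"))
    return sorted(out)
```

Calling audit(parse_local_certs(SAMPLE)) returns one finding for legacy (a status value outside the documented choices) and one for new-site-request (a request that is still pending).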
Related topics
config server-policy policy
config server-policy server-pool