Variable | Description | Default |
<sni_name> | Type the name of an Server Name Indication (SNI) configuration. | No default. |
<entry_index> | Type the index number of an SNI configuration entry. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
domain <server_fqdn> | Type the domain of the secure website (HTTPS) that uses the certificate specified by local-cert <local-cert_name>. | No default. |
local-cert <local-cert_name> | Type the name of the server certificate that FortiWeb uses to encrypt or decrypt SSL-secured connections for the website specified by domain <server_fqdn>. | |
inter-group <intermediate-cagroup_name> | Type the name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to validate the CA signature of the certificate specified by local-cert <local-cert_name>. If clients receive certificate warnings that an intermediary CA has signed the server certificate configured in local-cert, rather than by a root CA or other CA currently trusted by the client directly, configure this option. Alternatively, include the entire signing chain in the server certificate itself before uploading it to the FortiWeb appliance, thereby completing the chain of trust with a CA already known to the client. See the FortiWeb Administration Guide. | |
verify <certificate_verificator_name> | Type the name of a certificate verifier, if any, that FortiWeb uses when an HTTP client presents its personal certificate. (If you do not select one, the client is not required to present a personal certificate.) Personal certificates, sometimes also called user certificates, establish the identity of the person connecting to the web site (PKI authentication). You can require that clients present a certificate alternatively or in addition to HTTP authentication (see “waf http-authen http-authen-rule”). To display the list of existing verifiers, type: edit ? Note: The client must support SSL 3.0 or TLS 1.0. |