execute : certificate ca
 
certificate ca
Use this command to upload a trusted CA certificate.
Certificate authorities (CAs) validate and sign others’ certificates. FortiWeb determines whether a client or device’s certificate is genuine by comparing the CA’s signature and the copy of the CA certificate that you have uploaded. If they are made by the same private key, the CA’s signature is genuine, and therefore the client or device’s certificate is legitimate.
Syntax
execute certificate ca import {tftp | auto} {<vdom_name> | root} <cert_name> {<tftp_ipv4> | <scep_url>} [<ca_id>]
Variable
Description
Default
{tftp | auto}
Use one of the following options to specify the location of the CA certificate:
tftp — From a TFTP server.
auto — From a SCEP (Simple Certificate Enrollment Protocol) server.
No default.
{<vdom_name> | root}
Specifies the administrative domain (ADOM) that the certificate applies to.
If ADOMs are not enabled, specify root.
No default.
<cert_name>
If the certificate is located on a TFTP server, the name of the certificate file.
No default.
{<tftp_ipv4> | <scep_url>}
If the certificate is located on a TFTP server, the IP address of the server.
If the source of the certificate is a SCEP server, the URL of the server.
No default.
<ca_id>
Optionally, if the source of the certificate is a SCEP server, you can use a CA identifier to specify a specific CA.
No default.
Example
This example uploads the trusted CA certificate file ca.cer from the TFTP server 192.168.1.23.
execute certificate ca import tftp root ca.cer 192.168.1.23
This example uploads the trusted CA certificate file from the SCAEP server at http://10.0.0.31/certsrv/mscep/mscep.dll.
Related topics
config system certificate ca
execute certificate crl
execute certificate inter-ca
execute certificate local