certificate crl
Use this command to install a Certificate Revocation List (CRL).
To ensure that your FortiWeb appliance validates only certificates that have not been revoked, periodically upload a current certificate revocation list (CRL), which certificate authorities (CAs) may provide.
Syntax
Variable | Description | Default |
{tftp | auto | http} | Use one of the following options to specify the location of the CRL to upload to FortiWeb: • tftp — A TFTP server. • auto — A SCEP (Simple Certificate Enrollment Protocol) server. • http — An HTTP server. | No default. |
{<vdom_name> | root} | Specifies the administrative domain (ADOM) that the CRL applies to. If ADOMs are not enabled, specify root. | No default. |
<crl_name> | If the source of the CRL is a TFTP server, the name of the CRL file. | No default. |
{<tftp_ipv4> | <scep_url> | <http_url>} | If the source of the CRL is a TFTP server, the IP address of the server. If the source of the CRL is a SCEP server, the URL of the server. If the source of the CRL is an HTTP server, the URL of the server. | No default. |
Example
This example uploads the CRL file Cert31.crl from the TFTP server 192.168.1.23.
execute certificate crl import tftp root Cert31.crl 192.168.1.23
This example uploads the CRL file Cert31.crl from the HTTP server 10.0.0.31.
execute certificate crl import http root http://10.0.0.31/certsrv/CertEnroll/Cert31.crl
This example uploads a CRL file from the SCEP server at http://155.229.15.173/cert/scep.
execute certificate crl import auto root http://155.229.15.173/cert/scep