execute : certificate inter-ca
 
certificate inter-ca
Use this command to upload an intermediate CA’s certificate.
If a server certificate is signed by an intermediate (non-root) certificate authority rather than a root CA, before the client trusts the server’s certificate, you must demonstrate a link with trusted root CAs. This mechanism proves that the server’s certificate is genuine. Otherwise, the server certificate may cause the end-user’s web browser to display certificate warnings.
Syntax
execute certificate inter-ca import {tftp | auto} {<vdom_name> | root} <cert_name> {<tftp_ipv4> | <scep_url>} [<ca_id>]
Variable
Description
Default
{tftp | auto}
Use one of the following options to specify the location of the certificate to upload to FortiWeb:
tftp — A TFTP server.
auto — A SCEP (Simple Certificate Enrollment Protocol) server.
No default.
{<vdom_name> | root}
Specifies the administrative domain (ADOM) that the certificate applies to.
If ADOMs are not enabled, specify root.
root
<cert_name>
If the certificate is located on a TFTP server, the name of the certificate file.
No default.
{<tftp_ipv4> | <scep_url>}
If the certificate is located on a TFTP server, the IP address of the server.
If the source of the certificate is a SCEP server, the URL of the server.
No default.
<ca_id>
Optionally, if the source of the certificate is a SCEP server, you can use a CA identifier to specify a specific CA.
No default.
Example
This example uploads the certificate file ca.cer from the TFTP server 192.168.1.23.
execute certificate inter-ca import tftp root ca.cer 192.168.1.23
This example uploads the certificate file from the SCEP server at http://10.0.0.31/certsrv/mscep/mscep.dll.
execute certificate inter-ca import auto root http://10.0.0.31/certsrv/mscep/mscep.dll
Related topics
config system certificate intermediate-certificate
execute certificate ca
execute certificate crl
execute certificate local