Setting name | Description |
Domain | Specify the domain of the secure website (HTTPS) that uses the certificate specified by Local Certificate. |
Local Certificate | Select the server certificate that FortiWeb uses to encrypt or decrypt SSL-secured connections for the web site specified by Domain. For more information, see “Uploading a server certificate”. |
Intermediate CA Group | Select the name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to validate the CA signature of the certificate specified by Local Certificate. If clients receive certificate warnings that an intermediary CA has signed the server certificate configured in Local Certificate, rather than by a root CA or other CA currently trusted by the client directly, configure this option. For more information, see “Grouping trusted CAs’ certificates”. Alternatively, include the entire signing chain in the server certificate itself before you upload it to FortiWeb, which completes the chain of trust with a CA already known to the client. See “Uploading a server certificate” and “Supplementing a server certificate with its signing chain”. |
Certificate Verify | Select the name of a certificate verifier, if any, that FortiWeb uses when an HTTP client presents its personal certificate to the web site specified by Domain. (If you do not select one, the client is not required to present a personal certificate. See also “How to apply PKI client authentication (personal certificates)”.) Personal certificates, sometimes also called user certificates, establish the identity of the person connecting to the web site (PKI authentication). You can require that clients present a certificate instead of, or in addition to, HTTP authentication (see “Offloading HTTP authentication & authorization”). Note: The client must support SSL 3.0 or TLS 1.0. |