Uploading the CA’s certificate to FortiWeb’s trusted CA store

Secure connections (SSL/TLS) : How to apply PKI client authentication (personal certificates) : Uploading the CA’s certificate to FortiWeb’s trusted CA store

In order for FortiWeb to be able to verify the CA’s signature on client’s personal certificates when they connect, the CA’s certificate must exist in the FortiWeb’s trusted CA certificate store.

You must either:

• upload the certificates of the signing CA and all intermediary CAs to FortiWeb’s store of CA certificates (see “Uploading trusted CAs’ certificates”)

• in all personal certificates, include the full signing chain up to a CA that FortiWeb knows in order to prove that the clients’ certificates should be trusted


	To harden security, regularly update FortiWeb’s CRL file in order to immediately revoke a CA’s certificate if has been compromised. See “Revoking certificates”.