Uploading the CA’s certificate to FortiWeb’s trusted CA store
In order for FortiWeb to be able to verify the CA’s signature on client’s personal certificates when they connect, the CA’s certificate must exist in the FortiWeb’s trusted CA certificate store.
You must either:
• in all personal certificates, include the full signing chain up to a CA that FortiWeb knows in order to prove that the clients’ certificates should be trusted
| To harden security, regularly update FortiWeb’s CRL file in order to immediately revoke a CA’s certificate if has been compromised. See “Revoking certificates”. |