What’s new in FortiOS Version 4.0 MR1 SCEP extensions
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 45
http://docs.fortinet.com/ • Feedback
Certificate auto-update is configured in the CLI:
To configure auto-update of a local certificate
config vpn certificate local
edit <certificate_name>
set scep-url <URL_str>
set scep-password <password_str>
set auto-regenerate-days <days_int>
set auto-regenerate-days-warning <days_int>
end
end
To configure auto-update of a CA certificate
config vpn certificate ca
edit <certificate_name>
set scep-url <URL_str>
set auto-update-days <days_int>
set auto-update-days-warning <days_int>
end
end
To configure CRL auto-update
config vpn certificate crl
edit <crl_name>
set scep-url <URL_str>
set update-interval <seconds>
end
end
Variable Description Default
<certificate_name> The name of the local certificate. No default.
scep-url <URL_str> Enter the URL of the SCEP server. No default.
scep-password
<password_str>
Enter the password for the SCEP server. No default.
auto-regenerate-
days <days_int>
Enter how many days before expiry the FortiGate
unit requests an updated local certificate. Enter 0 for
no auto-update.
0
auto-regenerate-
days-warning
<days_int>
Enter how many days before local certificate expiry
the FortiGate generates a warning message. Enter 0
for no warning.
0
Variable Description Default
<certificate_name> The name of the CA certificate. No default.
scep-url <URL_str> Enter the URL of the SCEP server. No default.
auto-update-days
<days_int>
Enter how many days before expiry the FortiGate
unit requests an updated CA certificate. Enter 0 for
no auto-update.
0
auto-update-days-
warning <days_int>
Enter how many days before CA certificate expiry
the FortiGate generates a warning message. Enter 0
for no warning.
0
To Next Page
Loading...
