Secure connections and certificates Page 109 FortiRecorder 2.4.2 Administration Guide
4. Click the Download CA certificate, certificate chain, or CRL link.
The Download a CA Certificate, Certificate Chain, or CRL page appears.
5. From Encoding Method, select Base64.
6. Click Download CA certificate.
7. If your browser prompts you, select a location to save the CA’s certificate file.
See also
• Uploading trusted CAs’ certificates
Revoking certificates
To ensure that your FortiRecorder appliance validates only certificates that have not been
revoked, you should periodically upload a current certificate revocation list (CRL), which may be
provided by certificate authorities (CA).
To upload a CRL file
1. Go to System > Certificate > Certificate Revocation List.
2. Click Import.
3. In Certificate name, type the name of the certificate as it will be referred to in the appliance’s
configuration file.
4. Next to Certificate file, click Browse, then select the certificate file.
5. Click OK.
The certificate is uploaded to the appliance. TIme required varies by the size of the file and
the speed of the network connection, but is typically only a few seconds.
Revoking certificates by OCSP query
Online certificate status protocol (OCSP) enables you to revoke or validate certificates by query,
rather than by importing certificate revocation list (CRL) files. Since distributing and installing
Alternatively, you can use HTTP or online certificate status protocol (OCSP) to query for
certificate status. For more information, see “Revoking certificates by OCSP query”.
To Next Page
Loading...