FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kiri
Staff
Article Id: 412013
Description: This article describes FortiAuthenticator certificate capacity.
Scope: FortiAuthenticator v6.5, v6.6.
Solution

When FortiAuthenticator is used as a certification authority, it adds every certificate it signs to its user certificate store so that the certificate can be tracked and revoked.

For example, a 100-user license has a capacity of 500 user certificates (the user certificate capacity is 5x the licensed user count).

The maximum also applies to certificates enrolled via SCEP and by other means. Revoked or expired certificates do not use up the capacity.


Essentially, FortiAuthenticator allows up to 5x the user count in concurrent valid certificates. Non-expired certificates cannot be deleted from FortiAuthenticator: even if they are revoked, they are required for the CRL. FortiAuthenticator only allows them to be deleted after they have expired.
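
The counting rules above can be applied to an exported certificate list for capacity planning before a large SCEP rollout. The following Python is an added example, not Fortinet code: the inventory format, field names and function names are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

CAPACITY_MULTIPLIER = 5  # per the article: capacity is 5x the licensed user count

@dataclass
class Cert:
    serial: str            # hypothetical field names for an exported inventory
    not_after: date        # last day the certificate is valid
    revoked: bool = False

def audit(certs, licensed_users, today):
    """Classify an exported inventory by the rules the article states."""
    live = [c for c in certs if c.not_after >= today]
    valid = [c for c in live if not c.revoked]   # only these consume capacity
    capacity = CAPACITY_MULTIPLIER * licensed_users
    return {
        "capacity": capacity,
        "used": len(valid),
        "free": capacity - len(valid),
        # revoked but unexpired: no capacity used, yet not deletable (CRL)
        "held_for_crl": sorted(c.serial for c in live if c.revoked),
        # expired: the only certificates that can be deleted
        "deletable": sorted(c.serial for c in certs if c.not_after < today),
    }

def date_slots_free(certs, licensed_users, today, needed):
    """Earliest date with `needed` free slots, assuming no new enrollments
    or revocations in the meantime; None if the license is too small."""
    free = audit(certs, licensed_users, today)["free"]
    if free >= needed:
        return today
    valid = [c for c in certs if c.not_after >= today and not c.revoked]
    for c in sorted(valid, key=lambda c: c.not_after):
        free += 1                      # slot frees the day after expiry
        if free >= needed:
            return c.not_after + timedelta(days=1)
    return None

def sample_inventory():
    """Constructed sample data, not real FortiAuthenticator output."""
    certs = [Cert(f"U{i:02d}", date(2025, i + 1, 1)) for i in range(1, 10)]
    certs.append(Cert("R01", date(2025, 6, 1), revoked=True))
    certs.append(Cert("E01", date(2024, 12, 31)))
    return certs

if __name__ == "__main__":
    inv, today = sample_inventory(), date(2025, 1, 15)
    print(audit(inv, 2, today))
    print(date_slots_free(inv, 2, today, needed=3))
```

With the sample data and a 2-user license, nine of ten slots are in use; revoking a valid certificate frees its slot immediately even though the certificate stays in the store until it expires.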

 

Related document:

Maximum values for VM - FortiAuthenticator 6.6.6 release notes