Description | This article describes the typical circumstances behind the 'Logs certificate import event'. |
Scope | FortiAuthenticator. |
Solution |
Event ID 10121 refers to an event log entry related to any certificate imported to the FortiAuthenticator. This log entry will also be able to show an error if there is any issues occur while the certificate is being imported. It includes log disregards how the certificate is being imported (can be from a CRL 'Certificate Revocation Lists' file or manually uploaded by the administrator).
CRL is important for FortiAuthenticator because it ensures that digital certificates that are no longer trustworthy due to compromise, misuse, or early invalidation are recognized and rejected before their expiry date. By listing revoked certificates, the CRL helps maintain trust in secure communications, prevents attackers from exploiting invalid certificates, and supports compliance with security standards, making it a key component of Public Key Infrastructure (PKI).
The sample system event message(s) will look like below:
Admin imported a CRL file from the GUI:
date=2025-09-04 time=20:13:33+0000 oid=8888 logid=10121 cat="Event" subcat="Admin Configuration" level="information" nas="" action="" status="" msg="CA certificate 'CN=test_CRL' was successfully imported" user="admin"
FortiAuthenticator successfully downloaded trusted CAs from the CRL:
date=2025-09-04 time=20:13:33+0000 oid=8888 logid=10121 cat="Event" subcat="Admin Configuration" level="information" nas="" action="" status="" msg="CRL file for trusted CAs has been downloaded successfully." user=""
FortiAuthenticator failed to download trusted CAs from the CRL:
date=2023-05-15 time=05:57:58+0000 oid=1108075 logid=10121 cat="Event" subcat="Admin Configuration" level="error" nas="" action="" status="" msg="Firmware CA certificate error, cannot import, idx=1, num_ca=1" user=""
There are many other events, and they will still share the same event IDs under 10121. They can be viewed under Log Access -> Logs -> filter '10121'. Check with the respective Certificate Revocation List Distribution Point (CDP) in case the CRL file is problematic. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.