FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kwcheng__FTNT
Article Id 409529
Description This article describes the typical circumstances behind the 'Logs certificate import event'.
Scope FortiAuthenticator.
Solution

Event ID 10121 refers to an event log entry related to any certificate imported to the FortiAuthenticator.

This log entry will also be able to show an error if there is any issues occur while the certificate is being imported. It includes log disregards how the certificate is being imported (can be from a CRL 'Certificate Revocation Lists' file or manually uploaded by the administrator).

 

CRL is important for FortiAuthenticator because it ensures that digital certificates that are no longer trustworthy due to compromise, misuse, or early invalidation are recognized and rejected before their expiry date.

By listing revoked certificates, the CRL helps maintain trust in secure communications, prevents attackers from exploiting invalid certificates, and supports compliance with security standards, making it a key component of Public Key Infrastructure (PKI).

 

The sample system event message(s) will look like below:

 

Admin imported a CRL file from the GUI:

 

date=2025-09-04 time=20:13:33+0000 oid=8888 logid=10121 cat="Event" subcat="Admin Configuration" level="information" nas="" action="" status="" msg="CA certificate 'CN=test_CRL' was successfully imported" user="admin"

 

FortiAuthenticator successfully downloaded trusted CAs from the CRL:

 

date=2025-09-04 time=20:13:33+0000 oid=8888 logid=10121 cat="Event" subcat="Admin Configuration" level="information" nas="" action="" status="" msg="CRL file for trusted CAs has been downloaded successfully." user=""

 

FortiAuthenticator failed to download trusted CAs from the CRL:

 

date=2023-05-15 time=05:57:58+0000 oid=1108075 logid=10121 cat="Event" subcat="Admin Configuration" level="error" nas="" action="" status="" msg="Firmware CA certificate error, cannot import, idx=1, num_ca=1" user=""

 

There are many other events, and they will still share the same event IDs under 10121. They can be viewed under Log Access -> Logs -> filter '10121'.  Check with the respective Certificate Revocation List Distribution Point (CDP) in case the CRL file is problematic.