FGT # config vpn certificate ca
FGT (ca) # rename CA_Cert_1 to Example-CA
FGT (ca) # end
If you already have the CRL file, you can import it directly on the System, Certificates, CRL page by choosing Local PC. Open the imported entry afterwards and you should see the LDAP location it was published from (as shown in the verification section further below).
[Screenshots omitted: the CRL location as shown in a web server certificate, and the CRL location as shown in an imported CRL file.]
config user ldap
edit "LDAP-CRL"
set server "10.150.0.55"
set cnid "cn"
set dn "CN=Example Root Authority,CN=vsrvz-svb25,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=org"
set port 636
set secure ldaps
set ca-cert "Example-CA"
next
end
If you imported the CRL file, you must then edit the CRL entry, select the LDAP server defined above, and enter the bind account's fully qualified DN and password. Use a read-only directory account for this: the password is sent in a simple bind and is only protected on the wire because the server entry uses secure ldaps with a ca-cert to validate the LDAP server.
config vpn certificate crl
edit "CRL_1"
set ldap-server "LDAP-CRL"
set ldap-username "CN=LDAP account,CN=Users,DC=example,DC=org"
set ldap-password <the-password>
next
end
Once the CRL entry exists, you can adjust how often the FortiGate re-fetches it via the CLI (the value is in seconds). The example below polls every 24 hours; keep the interval shorter than the CRL's validity window (next update minus last update in the verification output below) so the unit never sits on an expired CRL.
config vpn certificate crl
edit "CRL_1"
set update-interval 86400
next
end
FGT # config vpn certificate crl
FGT (crl) # rename CRL_1 to vsrvz-svb25-CRL
FGT (crl) # end
FGT #
FGT # config vpn certificate crl
FGT (crl) # edit vsrvz-svb25-CRL
FGT (vsrvz-svb25-CRL) # get
name : vsrvz-svb25-CRL
crl :
issuer: /CN=Example Root Authority
last update: 2014-09-02 19:53:15 GMT
next update: 2014-09-10 08:13:15 GMT
version: 2
Serial Num:
21:fb:7f:69:00:00:00:00:00:07
Extensions:
Name: X509v3 Authority Key Identifier
Critical: no
Content:
keyid:97:B3:01:66:A9:C9:AA:CA:57:DF:69:D6:F5:7E:27:51:16:37:2E:3E
Name: 1.3.6.1.4.1.311.21.1
Critical: no
Content:
...
Name: X509v3 CRL Number
Critical: no
Content:
15
Name: 1.3.6.1.4.1.311.21.4
Critical: no
Content:
140909200315Z .
Name: X509v3 Freshest CRL
Critical: no
Content:
Full Name:
URI:ldap:///CN=Example%20Root%20Authority,CN=vsrvz-svb25,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=org?deltaRevocationList?base?objectClass=cRLDistributionPoint
http-url :
ldap-server : LDAP-CRL
scep-cert : Fortinet_Firmware
scep-url :
source-ip : 0.0.0.0
update-interval : 86400
update-vdom : root
ldap-password : *
ldap-username : CN=LDAP account,CN=Users,DC=example,DC=org
FGT (vsrvz-svb25-CRL) # end
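As an added example (not part of the Fortinet article and not FortiOS code), the following stdlib-only Python script reads a get dump in the format shown above, splits the ldap:/// URI according to RFC 4516 into DN, attribute, scope and filter, derives the set dn line used in the config user ldap block from it, and checks that the CRL has not passed its next update and that update-interval is shorter than the CRL's validity window. The embedded sample is a constructed, trimmed copy of the dump above; the function names are my own.

```python
"""
Sanity-check a FortiGate CRL entry from the output of
'config vpn certificate crl / edit <name> / get' and derive the
'set dn' value for 'config user ldap' from the LDAP URI in the CRL.
Added example, stdlib only; the dump format is assumed to match the
article's output above.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# Constructed sample: a trimmed copy of the 'get' dump shown above.
SAMPLE_GET_OUTPUT = """\
name : vsrvz-svb25-CRL
issuer: /CN=Example Root Authority
last update: 2014-09-02 19:53:15 GMT
next update: 2014-09-10 08:13:15 GMT
Name: X509v3 Freshest CRL
Critical: no
Content:
Full Name:
URI:ldap:///CN=Example%20Root%20Authority,CN=vsrvz-svb25,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=org?deltaRevocationList?base?objectClass=cRLDistributionPoint
ldap-server : LDAP-CRL
update-interval : 86400
"""

# RFC 4523 attribute names: the attribute the URI asks for tells you
# whether it points at the base CRL or only at the delta CRL.
CRL_ATTRIBUTES = {
    "certificateRevocationList": "base CRL",
    "deltaRevocationList": "delta CRL",
}


def parse_ldap_uri(uri):
    """Split an RFC 4516 LDAP URL: ldap://host/dn?attributes?scope?filter?extensions."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % uri)
    host, _, rest = rest.partition("/")
    parts = rest.split("?")
    parts += [""] * (5 - len(parts))          # absent trailing fields are empty
    dn, attrs, scope, filt, _exts = parts[:5]
    return {
        "scheme": scheme,
        "host": host,                          # empty in ldap:/// ("any DC" in AD)
        "dn": unquote(dn),
        "attributes": [a for a in unquote(attrs).split(",") if a],
        "scope": unquote(scope) or "base",     # RFC 4516 default scope
        "filter": unquote(filt),
    }


def parse_gmt(text):
    """Parse the 'YYYY-MM-DD HH:MM:SS GMT' timestamps FortiOS prints."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S GMT").replace(tzinfo=timezone.utc)


def parse_crl_get(output):
    """Pull the fields we care about out of the FortiGate 'get' dump."""
    fields = {"uris": []}
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("issuer:"):
            fields["issuer"] = line.split(":", 1)[1].strip()
        elif line.startswith(("last update:", "next update:")):
            key, value = line.split(":", 1)
            fields[key.replace(" ", "_")] = parse_gmt(value.strip())
        elif line.startswith("URI:"):
            fields["uris"].append(line[len("URI:"):].strip())
        elif line.startswith("update-interval"):
            fields["update_interval"] = int(line.split(":", 1)[1])
    return fields


def check_crl(fields, now):
    """Report whether the loaded CRL is usable and the poll interval is sane.

    'now' may be a tz-aware datetime or a 'YYYY-MM-DD HH:MM:SS GMT' string.
    """
    if isinstance(now, str):
        now = parse_gmt(now)
    validity = fields["next_update"] - fields["last_update"]
    interval = timedelta(seconds=fields["update_interval"])
    uris = [parse_ldap_uri(u) for u in fields["uris"] if u.startswith("ldap")]
    return {
        "expired": now >= fields["next_update"],
        "validity_seconds": int(validity.total_seconds()),
        # Polling less often than the CRL is valid for lets the device sit on
        # an expired CRL; the article's 24h is well inside this CRL's ~7.5 days.
        "interval_within_validity": interval < validity,
        "ldap_dn": uris[0]["dn"] if uris else None,
        "crl_kind": [CRL_ATTRIBUTES.get(a, a) for u in uris for a in u["attributes"]],
    }


def fortios_ldap_dn_line(fields):
    """The 'set dn' line for 'config user ldap', decoded from the CRL's URI."""
    ldap_uris = [u for u in fields["uris"] if u.startswith("ldap")]
    if not ldap_uris:
        return None
    return 'set dn "%s"' % parse_ldap_uri(ldap_uris[0])["dn"]


if __name__ == "__main__":
    f = parse_crl_get(SAMPLE_GET_OUTPUT)
    for k, v in check_crl(f, datetime.now(timezone.utc)).items():
        print("%-26s %s" % (k, v))
    print(fortios_ldap_dn_line(f))
```

The decoded DN is exactly the value used in set dn in the config user ldap block earlier. Note that the URI in the Freshest CRL extension asks for deltaRevocationList, so it points at the delta CRL; the base CRL object published by an AD CA carries the certificateRevocationList attribute under the same CDP container.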
Copyright 2024 Fortinet, Inc. All Rights Reserved.