Fortinet FortiGate Series Administration Manual page 45

What's new in FortiOS Version 4.0 MR1
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Certificate auto-update is configured in the CLI:
To configure auto-update of a local certificate
config vpn certificate local
edit <certificate_name>
set scep-url <URL_str>
set scep-password <password_str>
set auto-regenerate-days <days_int>
set auto-regenerate-days-warning <days_int>
end
end
Variable
<certificate_name>
scep-url <URL_str>
scep-password
<password_str>
auto-regenerate-
days <days_int>
auto-regenerate-
days-warning
<days_int>
To configure auto-update of a CA certificate
config vpn certificate ca
edit <certificate_name>
set scep-url <URL_str>
set auto-update-days <days_int>
set auto-update-days-warning <days_int>
end
end
Variable
<certificate_name>
scep-url <URL_str>
auto-update-days
<days_int>
auto-update-days-
warning <days_int>
To configure CRL auto-update
config vpn certificate crl
edit <crl_name>
set scep-url <URL_str>
set update-interval <seconds>
end
end
Description
The name of the local certificate.
Enter the URL of the SCEP server.
Enter the password for the SCEP server.
Enter how many days before expiry the FortiGate
unit requests an updated local certificate. Enter 0 for
no auto-update.
Enter how many days before local certificate expiry
the FortiGate generates a warning message. Enter 0
for no warning.
Description
The name of the CA certificate.
Enter the URL of the SCEP server.
Enter how many days before expiry the FortiGate
unit requests an updated CA certificate. Enter 0 for
no auto-update.
Enter how many days before CA certificate expiry
the FortiGate generates a warning message. Enter 0
for no warning.
SCEP extensions
Default
No default.
No default.
No default.
0
0
Default
No default.
No default.
0
0
45