set

user pki

Use this command to configure PKI authentication for users.

Syntax

set user pki name <name_str> ca <cert_str>

set user pki name <name_str> domain <domain_str>

set user pki name <name_str> ldapfield {subject alternative | cn}

set user pki name <name_str> ldapprofile <profile_str>

set user pki name <name_str> ldapquery {enable | disable}

set user pki name <name_str> ocspaction {revoke | ignore}

set user pki name <name_str> ocspca <url>

set user pki name <name_str> ocspverify {enable | disable}

set user pki name <name_str> subject <subject_str>

Commands                       Description                                                            Default

<name_str>                     <name_str> is the PKI user name.

ca <cert_str>                  Enter the name of the CA certificate used when validating the CA’s
                               signature of the client certificate.

domain <domain_str>            Enter the protected domain to which the PKI user is assigned. If
                               Domain is System, the PKI user belongs to all domains configured on
                               the FortiMail unit.

ldapfield {subject alternative | cn}
                               Enter the name of the field in the client certificate (either CN or
                               Subject Alternative) which contains the email address of the PKI
                               user.

ldapprofile <profile_str>      Enter the LDAP profile to use when querying the LDAP server.

ldapquery {enable | disable}   Enable to query an LDAP directory, such as Microsoft Active
                               Directory, to determine the existence of the PKI user who is
                               attempting to authenticate, then also configure LDAP Profile and
                               Query Field.

ocspaction {revoke | ignore}   Enter the action to take if the OCSP server is unavailable. If set
                               to ignore, the FortiMail unit allows the user to authenticate. If
                               set to revoke, the FortiMail unit behaves as if the certificate is
                               currently revoked, and authentication fails.

ocspca <url>                   The URL of the OCSP server.

ocspverify {enable | disable}  Enable to use an Online Certificate Status Protocol (OCSP) server
                               to query whether the client certificate has been revoked.

subject <subject_str>          Enter the value which must match the “subject” field of the client
                               certificate. If empty, matching values are not considered when
                               validating the client certificate presented by the PKI user’s web
                               browser.

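Example

The following is an added configuration example and is not taken from the FortiMail CLI Reference. It uses only the `set user pki` keywords documented above; the user name (pki_alice), CA certificate name (CA_Corp), LDAP profile name (LDAP_Corp), protected domain (example.com), subject value and OCSP URL are constructed placeholders, and lines beginning with `#` are annotations rather than CLI input. It shows a PKI user whose client certificate is checked against an OCSP server with the fail-closed setting, followed by the single line that would turn the same configuration fail-open.

```text
# Added example, not from the FortiMail CLI Reference. All names and the
# OCSP URL below are constructed placeholders.
set user pki name pki_alice ca CA_Corp
set user pki name pki_alice domain example.com
set user pki name pki_alice subject CN=alice,O=ExampleCorp
set user pki name pki_alice ldapquery enable
set user pki name pki_alice ldapprofile LDAP_Corp
set user pki name pki_alice ldapfield cn
set user pki name pki_alice ocspverify enable
set user pki name pki_alice ocspca http://ocsp.example.com/
# Fail-closed: an unreachable OCSP server is treated as a revoked certificate.
set user pki name pki_alice ocspaction revoke

# Fail-open variant of the same user: an unreachable OCSP server still lets
# the user authenticate. Only this line differs.
set user pki name pki_alice ocspaction ignore
```

With `ocspaction revoke`, an OCSP outage causes PKI authentication to fail for this user until the server is reachable again, which is the safe default for a mail gateway exposed to the Internet. With `ocspaction ignore`, a certificate that has in fact been revoked is accepted for as long as the OCSP server cannot be queried, so `ignore` trades a revocation gap for availability and should be paired with monitoring of the OCSP server. Because `subject` is set, the certificate’s subject must also match `CN=alice,O=ExampleCorp`; leaving `subject` empty disables that check, as the table notes, so a valid certificate from CA_Corp with any subject would then satisfy the subject step.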

History

FortiMail v3.0 MR4 New.

FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference

 

06-30004-0420-20080814
