Fortinet 5.0 Patch 6 Uploading the CAs certificate to FortiWebs trusted CA store

Fortinet 315 FortiWeb 5.0 Patch 6 Administration Guide

Figure 41:Importing a personal certificate in Google Chrome — [Wrench icon] > Options >

Under the Hood, click Manage Certificates, then click Import

Uploading the CA’s certificate to FortiWeb’s trusted CA store

In order for FortiWeb to be able to verify the CA’s signature on client’s personal certificates when

they connect, the CA’s certificate must exist in the FortiWeb’s trusted CA certificate store.

You must either:

• upload the certificates of the signing CA and all intermediary CAs to FortiWeb’s store of CA

certificates (see “Uploading trusted CAs’ certificates” on page 280)

•in all personal certificates, include the full signing chain up to a CA that FortiWeb knows in

order to prove that the clients’ certificates should be trusted

To harden security, configure FortiWeb with an OCSP server or regularly update its CRL file in

order to immediately revoke a CA’s certificate if has been compromised. See “Revoking

certificates” on page 318.