Fortinet 315 FortiWeb 5.0 Patch 6 Administration Guide
Figure 41:Importing a personal certificate in Google Chrome — [Wrench icon] > Options >
Under the Hood, click Manage Certificates, then click Import
Uploading the CA’s certificate to FortiWeb’s trusted CA storeIn order for FortiWeb to be able to verify the CA’s signature on client’s personal certificates when
they connect, the CA’s certificate must exist in the FortiWeb’s trusted CA certificate store.
You must either:
• upload the certificates of the signing CA and all intermediary CAs to FortiWeb’s store of CA
certificates (see “Uploading trusted CAs’ certificates” on page 280)
•in all personal certificates, include the full signing chain up to a CA that FortiWeb knows in
order to prove that the clients’ certificates should be trusted
To harden security, configure FortiWeb with an OCSP server or regularly update its CRL file in
order to immediately revoke a CA’s certificate if has been compromised. See “Revoking
certificates” on page 318.