Fortinet 319 FortiWeb 5.0 Patch 6 Administration Guide
3. Do one of the following to locate a CRL file:
• Select HTTP, then enter the URL of an HTTP site providing a CRL service.
• Select SCEP, then enter the URL of the applicable Simple Certificate Enrollment Protocol
server. (SCEP allows routers and other intermediate network devices to obtain
certificates.)
• Select Local PC, then browse to locate a certificate file.
4. Click OK.
The imported CRL file appears on System > Certificates > CRL with a name automatically
assigned by the FortiWeb appliance, such as CRL_1.
5. To use the CRL for client PKI authentication, select the CRL in a certificate verification rule
(see “Configuring FortiWeb to validate client certificates” on page 316).
See also
• Revoking certificates by OCSP query
Revoking certificates by OCSP query
Online Certificate Status Protocol (OCSP) enables you to revoke or validate certificates by query,
rather than by importing certificate revocation list (CRL) files. Because distributing and installing
CRL files can be a considerable burden in large organizations, and because the delay between the
release and the installation of a CRL represents a vulnerability window, OCSP is often preferable.
To use OCSP queries, you must first install the certificates of trusted OCSP/CRL servers.
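The vulnerability window of an imported CRL can be measured from the file itself: its thisUpdate and nextUpdate fields show how old the revocation data is and when it expires. The following Python parser is an added example, not Fortinet code; it assumes a DER-encoded CRL, does not verify the signature, and runs on a constructed sample CRL whose issuer, dates and serial numbers are made up.

```python
from datetime import datetime, timezone

def tlv(buf, pos=0):
    """Read one DER element at pos: return (tag, value, next position)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                       # long form: low 7 bits = count of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def der_time(tag, val):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    s = val.decode("ascii")
    if tag == 0x17:                    # RFC 5280: YY >= 50 means 19YY, otherwise 20YY
        s = ("19" if s[:2] >= "50" else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_summary(der, now):
    """Return update times, revoked serial numbers and staleness of a DER CRL."""
    tbs = children(children(tlv(der)[1])[0][1])        # CertificateList -> tbsCertList
    tbs = tbs[1:] if tbs[0][0] == 0x02 else tbs        # skip optional version INTEGER
    this_update, rest = der_time(*tbs[2]), tbs[3:]     # tbs[0] = algorithm, tbs[1] = issuer
    has_next = bool(rest) and rest[0][0] in (0x17, 0x18)
    next_update = der_time(*rest.pop(0)) if has_next else None
    entries = children(rest[0][1]) if rest and rest[0][0] == 0x30 else []
    revoked = {int.from_bytes(children(e)[0][1], "big") for _, e in entries}
    return {"this_update": this_update, "next_update": next_update, "revoked": revoked,
            "stale": next_update is not None and now > next_update}

# Constructed sample: a v2 CRL from "Example CA" revoking serials 0x12 and 0x34.
ALG = bytes.fromhex("30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00")  # sha256WithRSAEncryption
SAMPLE_CRL = (bytes.fromhex("30 81 86 30 71 02 01 01") + ALG
    + bytes.fromhex("30 15 31 13 30 11 06 03 55 04 03 0c 0a") + b"Example CA"
    + bytes.fromhex("17 0d") + b"240101000000Z"                      # thisUpdate
    + bytes.fromhex("17 0d") + b"240108000000Z"                      # nextUpdate
    + bytes.fromhex("30 28 30 12 02 01 12 17 0d") + b"231220120000Z"
    + bytes.fromhex("30 12 02 01 34 17 0d") + b"231228093000Z"
    + ALG + bytes.fromhex("03 02 00 00"))                            # dummy signature, never verified
```

A certificate revoked after thisUpdate is absent from the file, so it continues to validate until a newer CRL is imported; a result with `stale` set means the file has already passed its nextUpdate.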
To view or upload a remote certificate
1. Go to System > Certificates > Remote.
You can click View Certificate Detail to view the selected certificate’s subject, range of dates
within which the certificate is valid, version number, serial number, and extensions.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Admin Users category. For details, see
“Permissions” on page 47.
2. To upload a file, click Import.
A dialog appears.
3. Click Browse and locate an OCSP-compatible certificate file.
4. Click Open on the browse window to select the file.
5. Click OK.
6. Select OCSP when configuring a certificate verification rule (see “Configuring FortiWeb to
validate client certificates” on page 316).