
User pki, Syntax, History – Fortinet FortiMail 3.0 MR4 User Manual


FortiMail™ Secure Messaging Platform Version 3.0 MR4 CLI Reference
06-30004-0420-20080814

user pki

Use this command to configure PKI authentication for users.

Syntax

set user pki name ca

set user pki name domain

set user pki name ldapfield {subject alternative | cn}

set user pki name ldapprofile

set user pki name ldapquery {enable | disable}

set user pki name ocspaction {revoke | ignore}

set user pki name ocspca

set user pki name ocspverify {enable | disable}

set user pki name subject

Commands / Description / Default

name is the PKI user name.

ca

Enter the name of the CA certificate used when validating the CA’s signature of the client certificate.

domain

Enter the protected domain to which the PKI user is assigned. If Domain is System, the PKI user belongs to all domains configured on the FortiMail unit.

ldapfield {subject alternative | cn}

Enter the name of the field in the client certificate (either CN or Subject Alternative) which contains the email address of the PKI user.

ldapprofile

Enter the LDAP profile to use when querying the LDAP server.

ldapquery {enable | disable}

Enable to query an LDAP directory, such as Microsoft Active Directory, to determine the existence of the PKI user who is attempting to authenticate. If you enable this option, also configure LDAP Profile and Query Field.

ocspaction {revoke | ignore}

Enter the action to take if the OCSP server is unavailable. If set to ignore, the FortiMail unit allows the user to authenticate. If set to revoke, the FortiMail unit behaves as if the certificate is currently revoked, and authentication fails.

ocspca

The URL of the OCSP server.

ocspverify {enable | disable}

Enable to use an Online Certificate Status Protocol (OCSP) server to query whether the client certificate has been revoked.

subject

Enter the value which must match the “subject” field of the client certificate. If empty, matching values are not considered when validating the client certificate presented by the PKI user’s web browser.

History

FortiMail v3.0 MR4 New.
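An added example, not taken from the FortiMail manual: a Python audit of exported set user pki lines that flags the settings described above that skip revocation checks, allow login when the OCSP server is unavailable, or leave the certificate subject unmatched. The one-setting-per-line export format, the user names, the CA name and the URLs are constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample; assumes one "set user pki <name> <keyword> <value>" line per setting.
SAMPLE_CONFIG = """\
set user pki alice ca Corp_CA
set user pki alice subject "CN=alice"
set user pki alice ocspverify enable
set user pki alice ocspca http://ocsp.example.com
set user pki alice ocspaction revoke
set user pki bob ca Corp_CA
set user pki bob ocspverify enable
set user pki bob ocspca http://ocsp.example.com
set user pki bob ocspaction ignore
set user pki carol ca Corp_CA
set user pki carol ocspverify disable
"""

def parse_pki_users(text):
    """Collect {user: {keyword: value}} from 'set user pki' lines."""
    users = defaultdict(dict)
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:3] != ["set", "user", "pki"] or len(tokens) < 5:
            continue  # not a PKI user setting
        name, keyword = tokens[3], tokens[4]
        users[name][keyword] = " ".join(tokens[5:])
    return dict(users)

def audit(users):
    """Return {user: [findings]} for settings that weaken certificate checks."""
    # Defaults are not known here, so an absent keyword is reported, not assumed safe.
    report = {}
    for name, cfg in users.items():
        findings = []
        if cfg.get("ocspverify") != "enable":
            findings.append("ocspverify not explicitly enabled: revocation may not be checked")
        elif cfg.get("ocspaction") != "revoke":
            findings.append("ocspaction is not revoke: login may succeed when OCSP is unavailable")
        elif not cfg.get("ocspca"):
            findings.append("ocspverify enabled but no ocspca URL set")
        if not cfg.get("subject"):
            findings.append("subject empty: certificate subject is not matched")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(parse_pki_users(SAMPLE_CONFIG)).items():
        print(user, "OK" if not findings else findings)
```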