You can either use the GUI of the FortiGate to list all certificates, or use the CLI. Either using the commands:
edit root #<--- your management vdom/your vdom of choice
get vpn certificate ca
FGT50E00000000 (root) #
FGT50E00000000 (root) # get vpn certificate ca
== [ Fortinet_Wifi_CA ]
name: Fortinet_Wifi_CA
== [ Fortinet_CA ]
name: Fortinet_CA
== [ ACCVRAIZ1 ]
name: ACCVRAIZ1
== [ AC_RAIZ_FNMT-RCM ]
name: AC_RAIZ_FNMT-RCM
== [ Actalis_Authentication_Root_CA ]
name: Actalis_Authentication_Root_CA
[...]
FGT50E00000000 (root) #
FGT50E00000000 (root) # show vpn certificate ca
config vpn certificate ca
end
FGT50E00000000 (root) # show full-configuration vpn certificate ca
config vpn certificate caend
FGT50E00000000 (root) # show full-configuration | grep -f 'vpn certificate ca'
config vpn certificate ca <---
end
FGT50E00000000 (root) #
Using the "fnsysctl" command
Using the fnsysctl command might be helpful:
FGT50E00000000 #
FGT50E00000000 # fnsysctl ls -la /etc/cert/local/
drwxr-xr-x 2 0 0 Wed Dec 25 21:43:14 2019 0 .
drwxr-xr-x 6 0 0 Wed Sep 18 20:39:27 2019 0 ..
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 2250 root_2020jan_sub.domain.tld.cer
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 1407 root_Fortinet_CA_SSL.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1419 root_Fortinet_CA_Untrusted.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 4285 root_Fortinet_Factory.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1679 KEY-FILE[...]
FGT50E00000000 #
FGT50E00000000 # fnsysctl ls -la /etc/cert/ca
drwxr-xr-x 2 0 0 Wed Dec 25 21:41:28 2019 0 .
drwxr-xr-x 6 0 0 Wed Sep 18 20:39:27 2019 0 ..
-rw------- 1 0 0 Wed Sep 18 20:35:55 2019 119 ca_bundle_ver
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 1972 root_AC_RAIZ_FNMT-RCM.cer
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 2772 root_ACCVRAIZ1.cer
-rw------- 1 0 0 Wed Sep 18 20:35:55 2019 2041 root_ACEDICOM_Root.cer
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 2049 root_Actalis_Authentication_Root_CA.cer
-rw------- 1 0 0 Tue Jan 14 20:06:14 2020 1521 root_AddTrust_External_Root.cer[...]
Using the "get" command
config vdomedit root #<--- your management vdom/your vdom of choice
get vpn certificate ca
FGT50E00000000 (root) #
FGT50E00000000 (root) # get vpn certificate ca
== [ Fortinet_Wifi_CA ]
name: Fortinet_Wifi_CA
== [ Fortinet_CA ]
name: Fortinet_CA
== [ ACCVRAIZ1 ]
name: ACCVRAIZ1
== [ AC_RAIZ_FNMT-RCM ]
name: AC_RAIZ_FNMT-RCM
== [ Actalis_Authentication_Root_CA ]
name: Actalis_Authentication_Root_CA
[...]
Using the "show" command
The show command might not be very helpful, because it does not necessarily show all certificates:FGT50E00000000 (root) #
FGT50E00000000 (root) # show vpn certificate ca
config vpn certificate ca
end
FGT50E00000000 (root) # show full-configuration vpn certificate ca
config vpn certificate caend
FGT50E00000000 (root) # show full-configuration | grep -f 'vpn certificate ca'
config vpn certificate ca <---
end
FGT50E00000000 (root) #
Using the "fnsysctl" command
Using the fnsysctl command might be helpful:FGT50E00000000 #
FGT50E00000000 # fnsysctl ls -la /etc/cert/local/
drwxr-xr-x 2 0 0 Wed Dec 25 21:43:14 2019 0 .
drwxr-xr-x 6 0 0 Wed Sep 18 20:39:27 2019 0 ..
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 2250 root_2020jan_sub.domain.tld.cer
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:46 2019 1407 root_Fortinet_CA_SSL.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1419 root_Fortinet_CA_Untrusted.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1704 KEY-FILE
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 4285 root_Fortinet_Factory.cer
-rw------- 1 0 0 Wed Sep 18 20:35:47 2019 1679 KEY-FILE[...]
FGT50E00000000 #
FGT50E00000000 # fnsysctl ls -la /etc/cert/ca
drwxr-xr-x 2 0 0 Wed Dec 25 21:41:28 2019 0 .
drwxr-xr-x 6 0 0 Wed Sep 18 20:39:27 2019 0 ..
-rw------- 1 0 0 Wed Sep 18 20:35:55 2019 119 ca_bundle_ver
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 1972 root_AC_RAIZ_FNMT-RCM.cer
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 2772 root_ACCVRAIZ1.cer
-rw------- 1 0 0 Wed Sep 18 20:35:55 2019 2041 root_ACEDICOM_Root.cer
-rw------- 1 0 0 Tue Jan 14 20:06:15 2020 2049 root_Actalis_Authentication_Root_CA.cer
-rw------- 1 0 0 Tue Jan 14 20:06:14 2020 1521 root_AddTrust_External_Root.cer[...]
No comments:
Post a Comment