Troubelshooting Tip: How to find where the Cert have been called in Whole configuration

There are SSL certificates used in Fortiweb as Local certificates. These Certs are called at various configs such as SNI, Server Policy, and Client Certificate.

It is sometimes necessary to delete a particular certificate from the FortiWeb store. While trying to delete that cert, an error message might pop up as below:

This message means that the Certificate have been referenced in some configuration. To delete that, remove that Certificate from the config where it has been called.

One way to check this is by entering the Server policy and checking the Certificate sections, or SNI config.

However, in cases where there are hundreds of Policies and it is difficult to go to the individual policy, it must follow a different way around.

1. Download the config file, under System -> Maintenance -> Backup & Restore, and backup the entire config.

2. Extract that config file from the Achieved file.
3. Open that config file on Notepad++.
4. Select 'Find' type in the Certificate name and select 'Find all' in the current Document.

5. It will give the total references to where this certificate would be called. Use this as a reference, and remove that certificate from the config where it is called.