Skip to main content
ChrisTan
Staff
ChrisTan
Staff
October 22, 2025

Technical Tip: Azure CLI login Failure issue with FortiSASE deep inspection

  • October 22, 2025
  • 0 replies
  • 661 views
Description This article describes how to solve the Azure CLI Login Failure issue because the certificate verification failed.
Scope FortiSASE.
Solution

The end user can not access the Azure CLI with the following error message:

 

az login
Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
Retrieving tenants and subscriptions for the selection...
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1032)
Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate.

 

This is because the FortiSASE self-signed certificates verification failed with Azure.  To fix this issue, the FortiSASE CA certificate needs to be imported into the following PEM file:

 

For windows:

 

Windows 32-bit C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem
Windows 64-bit C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem

 

Download the CA certificate:

 

2025-10-20_15h46_06.png

 

Run:

 

C:\Users\user>az --version
azure-cli 2.78.0

core 2.78.0
telemetry 1.1.0

Dependencies:
msal 1.34.0b1
azure-mgmt-resource 23.3.0

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'  <------
Config directory 'C:\Users\user\.azure'
Extensions directory 'C:\Users\user\.azure\cliextensions'

 

To find out the partition.

 

Copy the certificate:

 

-----BEGIN CERTIFICATE-----

<certificate here>

-----END CERTIFICATE-----

 

2025-10-21_10h56_53.png

 

To the pem file.

The Azure CLI can log in now:

 

C:\Users\tchris>az login
Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136

Retrieving tenants and subscriptions for the selection...

[Tenant and subscription selection]

...

[Announcements]
With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271236

If you encounter any problem, please open an issue at https://aka.ms/azclibug

[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.
    Terms & ConditionsAccessibility statement