Skip to main content
mumbles202
mumbles202
New Member
March 12, 2026
Question

FortiGate FIPS-CC with Azure SAML

  • March 12, 2026
  • 2 replies
  • 402 views

Working on a unit running 7.4.4 with FIPS-CC enabled.  Trying to get this integrated with Azure using SAML.  I had seen this document: 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-import-remote-certificate-to-FIPS-CC/ta-p/253435

 

so followed it as best I was able.  Created a csr/key via OpenSSL, got a certificate from a local Windows server (used Webserver template) that is the CA for the domain.  Created a PKCS12, imported that into Azure.  Downloaded the certificate per the document.  When I tried imported it into the FGT initially the firewall complained that it didn't trust the issuing CA.  So I imported the root certificate from the CA.  When I go back in to import the certificate now as a remote certificate, the GUI says it's importing, but it doesn't show up and isn't available in the cli or when trying to create a new SSO connection.  

 

I noticed that the certificate that was created doesn't have the basic constraints when reviewing the details.  Do I need to create the CSR on the FGT and get that signed instead?  If so, how do I get the PKCS12 for import into Azure w/o the private key that will be stored on the FGT?  I saw a post about getting in the cli via set/unset password and then an export but not sure if that works. 

2 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
March 15, 2026

Hello mumbles202, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Jean-Philippe - Fortinet Community Team
mumbles202
mumbles202Author
New Member
March 16, 2026

Thanks for the reply.  I was able to get the certificate to load and show up properly after a reboot of the firewall so that part is working.  Redirects normally as expected and authentication appears to be working, but the actual vpn client won't connect.  Looking through the logs on the FGT it's as though the vpn portion never starts, like it is hung waiting for SAML to complete and never attempts to start the vpn setup.

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
March 17, 2026

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

Jean-Philippe - Fortinet Community Team
mumbles202
mumbles202Author
New Member
March 17, 2026

We had this working with almost the same configuration on the FGT before we enabled FIPS. We also downgraded to 7.4.4 at that time from 7.4.7 which was working. 

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
March 18, 2026

Great news! Glad that it is working now :)

Jean-Philippe - Fortinet Community Team
mumbles202
mumbles202Author
New Member
March 18, 2026

No, it's not working. I was saying with the same configuration on the firewall it worked fine before we enabled FIPS. We downgraded the firewall to 7.4.4 and enabled FIPS and then re applied the configuration and now it doesn't work. 

Terms & ConditionsAccessibility statement