cman
New Member
October 21, 2025
Solved

SAML SSO -> SP Certificate | Azure IdP

I have SAML SSO enabled on the FortiGate using Azure as the IdP, and it's working well.

I'm now trying to enable the SP certificate. I tested several certificates from the FortiGate certificate list, but each one fails with the error: "Signature algorithm used to sign data is not supported."

The IdP metadata shows Azure requires this signature method in SAML metadata:

<SignatureMethod Algorithm="...rsa-sha256" />

How can I generate or issue a certificate on the FortiGate that will produce RSA with SHA-256 signatures via CLI? Please help with CLI commands or steps.

2 replies

AEK
SuperUser
Answer
October 22, 2025

This is a CA certificate. If you have a certificate authority like AD or FortiAuthenticator, you can download it from there and install it on your FortiGate.

AEK
cman
Author
New Member
October 22, 2025

Makes sense, guess the best option is to import instead of trying to create one on the FortiGate. Thanks.