Created on 12-13-2021 04:58 PM
Edited on 03-18-2025 05:09 AM
By Stephen_G
Description
This article describes how to handle the warning 'Invalid Certificate detected, Are you sure you want to Continue?' that appears on the client after changes to the SSL VPN certificate or to the SSL VPN server certificate.
In this example, the IdP is Microsoft Azure and the SP is the FortiGate.
Scope
FortiGate 6.4 and 7.0.
FortiClient 6.4 and 7.0.
Solution
The error message is as follows:
The warning shown above, which appears after entering the credentials, comes from Azure (the IdP).
Recent changes may include:
- An FQDN is included in the new certificate.
- The FQDN (hostname) has changed.
When connecting to SSL VPN by FQDN (fully qualified domain name), change from the public IP address to the FQDN on both the FortiGate and the Azure end:
- Under 'config user saml':
config user saml
    edit <name>
        set entity-id "https://<FQDN>:<Custom SSL VPN port>/remote/saml/metadata"
        set single-sign-on-url "https://<FQDN>:<Custom SSL VPN port>/remote/saml/login"
        set single-logout-url "https://<FQDN>:<Custom SSL VPN port>/remote/saml/logout"
    next
end
- Navigate to SAML attributes under Username Attributes & Claims in the Azure portal.
Change from IP address to FQDN here, or change the hostname as necessary.
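A consistency check for the steps above, added here as an example (not Fortinet's code): it parses a 'config user saml' block and reports every SP URL whose host is still an IP address or is not covered by the DNS names on the new SSL VPN certificate. The profile name "azure", port 10443, the example.com names and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SAML_KEYS = ("entity-id", "single-sign-on-url", "single-logout-url")

def parse_saml_urls(config_text):
    """Return {setting: url} for the SP URLs found in a 'config user saml' block."""
    pairs = re.findall(r'^\s*set\s+(\S+)\s+"([^"]*)"', config_text, re.M)
    return {key: value for key, value in pairs if key in SAML_KEYS}

def san_matches(host, san):
    """Exact match, or one left-most wildcard label such as *.example.com."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_saml_hosts(config_text, cert_dns_names):
    """List every SP URL that disagrees with the certificate's DNS names."""
    problems = []
    urls = parse_saml_urls(config_text)
    for key in SAML_KEYS:
        if key not in urls:
            problems.append(f"{key}: not set")
            continue
        host = urlsplit(urls[key]).hostname or ""
        if is_ip(host):
            problems.append(f"{key}: uses IP address {host}, not an FQDN")
        elif not any(san_matches(host, san) for san in cert_dns_names):
            problems.append(f"{key}: host {host} is not in the certificate")
    return problems

def sample_config(host):
    """Constructed sample config; profile name and port 10443 are assumptions."""
    base = f"https://{host}:10443/remote/saml"
    return (f'config user saml\n    edit "azure"\n'
            f'        set entity-id "{base}/metadata"\n'
            f'        set single-sign-on-url "{base}/login"\n'
            f'        set single-logout-url "{base}/logout"\n    next\nend\n')
```

An empty list from check_saml_hosts() means all three URLs use a name the certificate covers; the same FQDN then has to be entered on the Azure side.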