mle2802
Staff
Article Id 274056
Description

This article describes how to troubleshoot the error 'CRL/certificate file doesn't have matched CA imported' when uploading a remote certificate.

Scope

FortiGate.

Solution

When uploading a remote certificate, especially in the case of SAML authentication with Azure, the user may encounter the error 'CRL/certificate file doesn't have matched CA imported'.




When trying to create the certificate using the CLI, error code 651 is seen.

The cause of this issue is that FIPS-CC is enabled on the device. To import the remote certificate when FIPS-CC is enabled, the IdP application must have a valid certificate with Basic Constraints.

Note:
To create a certificate with Basic Constraints from Azure, refer to this document for more information: Technical Tip: Unable to import remote certificate to FIPS-CC enabled FortiGate for SAML authenticat...
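
A pre-upload check for the condition described above, added here as an example and not part of the original article or Fortinet tooling: it uses the openssl CLI to report whether a certificate file carries the X509v3 Basic Constraints extension. The function names and the sample subject `constructed-idp.example` are hypothetical, and the script checks only that the extension is present, since the article does not state which value FIPS-CC expects.

```shell
#!/bin/sh
# Added example (not Fortinet code). Exit status of has_basic_constraints:
# 0 = Basic Constraints present, 1 = absent, 2 = not a readable certificate.
has_basic_constraints() {
    # Try PEM first, then fall back to DER.
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    text=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) ||
    return 2
    printf '%s\n' "$text" | grep -q 'X509v3 Basic Constraints'
}

# Constructed sample input: a throwaway self-signed certificate whose only
# requested extension is the config line passed as $2 (hypothetical subject).
make_sample() {
    cnf=$(mktemp) && key=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-idp.example
[ext]
$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$key" -out "$1" 2>/dev/null
    rc=$?
    rm -f "$cnf" "$key"
    return "$rc"
}

# Report on one certificate file before uploading it to the FortiGate.
check_idp_cert() {
    rc=0
    has_basic_constraints "$1" || rc=$?
    case $rc in
        0) echo "$1: Basic Constraints present" ;;
        1) echo "$1: Basic Constraints missing"; return 1 ;;
        *) echo "$1: not a readable certificate"; return 2 ;;
    esac
}

# When a file name is given on the command line, check that file.
if [ "$#" -gt 0 ]; then check_idp_cert "$1"; fi
```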