FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to troubleshoot the error 'CRL/certificate file doesn't matched CA imported' when uploading a remote certificate.
When uploading a remote certificate, especially in the case of SAML authentication with Azure, the user may encounter the error 'CRL/certificate file doesn't have matched CA imported'.
When trying to create the cert using CLI, error code 651 could be seen:
The cause of this issue is that FIPS-CC is enabled on the device. To import the remote certificate when FIPS-CC is enabled, it will be necessary to have a valid certificate with Basic Constraints to the IdP Application.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.