kumarh
Staff
Article Id 415353
Description This article describes why FortiGate may use the default Fortinet_Factory certificate for SAML authentication even when a custom/wildcard certificate is defined, and how to fix it.
Scope FortiGate.
Solution

Even when a wildcard certificate is installed and selected in the SAML profile, FortiGate may still present the default Fortinet_Factory certificate.

FortiGate is configured as a SAML Service Provider. Internal users access a web portal over HTTPS and authenticate via SAML through FortiGate.
When users try to authenticate, the connection uses the default certificate instead of the intended 'wildcard2025' certificate.
To confirm this behavior, use the following debug commands. Replace x.x.x.x with the client’s public IP:
diagnose vpn ike log-filter rem-addr4 x.x.x.x
diagnose debug console timestamp enable
diagnose debug application authd 60
diagnose debug application fnbamd -1
diagnose debug application samld -1
diagnose debug application ike -1
diagnose debug application eap_proxy -1
diagnose debug enable
A log snippet may appear as follows:
2025-10-01 09:18:59 [authd_http_set_server_cert:792]: found Fortinet_Factory.com -> Redirecting it to default certificate instead of wildcard certificate.


This indicates that authd handles the SAML authentication and selects the certificate based on user settings, not the SAML profile.
To ensure the correct certificate is presented, configure it under user settings:
config user settings
    set auth-cert "wildcard2025"
end


This can also be configured in the GUI under User & Authentication -> Authentication Settings:

After this, FortiGate will present the correct certificate during SAML authentication:
[authd_http_set_server_cert:792]: found Fortinet_Factory for wildcard2025.com <----- Now presenting 'wildcard2025' certificate.
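The two authd_http_set_server_cert messages quoted in this article (the pre-fix redirect to the default certificate and the post-fix selection for wildcard2025.com) are the lines to look for in a saved debug capture. The script below is an added example, not Fortinet's code and not part of the original article: it scans captured 'diagnose debug application authd' output for both message shapes and reports whether the default certificate is still being presented. The sample input is constructed from the two log lines shown above plus unrelated noise; the regular expressions and result field names ('fallbacks', 'served') are assumptions of this example, not FortiOS identifiers.

```python
"""Audit FortiGate authd debug output for certificate-selection messages.

Added example (not Fortinet's code). The two message shapes below are taken
from the authd lines quoted in the article; everything else is assumed.
"""
import re
from typing import Dict, Iterable, List

# Shape logged when authd falls back to the built-in Fortinet_Factory cert
# (seen before 'set auth-cert' is configured under 'config user settings').
FALLBACK_RE = re.compile(
    r"\[authd_http_set_server_cert:\d+\]: found (?P<name>\S+) -> "
    r"Redirecting it to default certificate"
)

# Shape logged when authd presents the configured certificate for a host
# (seen after the fix); the host name follows the word 'for'.
SERVED_RE = re.compile(
    r"\[authd_http_set_server_cert:\d+\]: found (?P<found>\S+) for (?P<host>\S+)"
)


def audit_authd_cert_selection(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Classify each authd line.

    Returns a dict with:
      'fallbacks': raw lines where authd redirected to the default certificate
      'served':    host names for which the configured certificate was presented
    Lines that match neither shape (other authd chatter) are ignored.
    """
    result: Dict[str, List[str]] = {"fallbacks": [], "served": []}
    for line in lines:
        if FALLBACK_RE.search(line):
            result["fallbacks"].append(line.strip())
            continue
        match = SERVED_RE.search(line)
        if match:
            result["served"].append(match.group("host"))
    return result


def default_cert_in_use(lines: Iterable[str]) -> bool:
    """True if any line shows authd falling back to the default certificate."""
    return bool(audit_authd_cert_selection(lines)["fallbacks"])


# Constructed sample captures built from the two lines quoted in the article,
# with a noise line added to show that unrelated output is ignored.
SAMPLE_BEFORE_FIX = [
    "2025-10-01 09:18:59 [authd_http_set_server_cert:792]: found Fortinet_Factory.com "
    "-> Redirecting it to default certificate instead of wildcard certificate.",
    "2025-10-01 09:18:59 [authd_some_other_fn:10]: unrelated debug noise",  # constructed
]

SAMPLE_AFTER_FIX = [
    "2025-10-01 09:25:03 [authd_http_set_server_cert:792]: found Fortinet_Factory "
    "for wildcard2025.com",
    "2025-10-01 09:25:03 [authd_some_other_fn:10]: unrelated debug noise",  # constructed
]


if __name__ == "__main__":
    for label, capture in (("before fix", SAMPLE_BEFORE_FIX), ("after fix", SAMPLE_AFTER_FIX)):
        report = audit_authd_cert_selection(capture)
        verdict = "DEFAULT CERT STILL IN USE" if report["fallbacks"] else "configured cert presented"
        print(f"{label}: {verdict}; served hosts = {report['served']}")
```

Feed a real capture by reading the saved debug output into a list of lines; a non-empty 'fallbacks' list after applying 'set auth-cert' means the change did not take effect for that authentication path and the user settings should be rechecked.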