Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
forsenGa
New Contributor II

Incorrect certificate file key size when uploading self-signed certificates from Authentik

Hello,

I'm trying to set up a local lab using Authentik as an IdP to establish SSO login on the FortiGate admin web interface.

I'm using FortiGate VM (FGT_VM64-v7.6.0).

I'm following this official Authentik tutorial: https://docs.goauthentik.io/integrations/services/fortigate-admin/

I downloaded the two Authentik self-signed certificate files, the certificate file and the private key file (.pem extension). When I upload/import these files, it says "Incorrect certificate file key size for CA/LOCAL/REMOTE cert.". Can anyone explain and help me fix this issue? Thank you.

ozkanaltas
Valued Contributor III

Hello @forsenGa,

Normally only the certificate is sufficient for SAML configuration. Can you just upload the certificate file to FortiGate and use it in the SAML configuration? It will work like this.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
forsenGa
New Contributor II

The key file field is required, so I can't submit the certificate file only.

ozkanaltas
Valued Contributor III

Hello @forsenGa,

Can you try installing it as a CA certificate instead of a local certificate? There it should only ask for a certificate.

pminarik
Staff

Trial/unlicensed VMs have severe crypto restrictions, including certificate key size. This is an expected symptom of that.
If I remember correctly, this might work if you go down to a 512-bit RSA key.

For proper testing of anything crypto-related (SSL-VPN, IPsec, UTM inspection), use a full VM license, time-limited evaluation license, or a hardware unit.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/441460/permanent-trial-mode-...

[ corrections always welcome ]
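A quick way to see which of the two Authentik files trips the trial VM's key-size limit before uploading them is to read the RSA modulus size straight out of the PEM. The checker below is an added example, not code from this thread, Fortinet or Authentik; it uses only the Python standard library, handles a PEM certificate, a PKCS#1 `RSA PRIVATE KEY` and a PKCS#8 `PRIVATE KEY`, and the two sample PEMs at the bottom are constructed placeholders with made-up moduli, not real keys.

```python
import base64
import re

def _tlv(der, pos=0):
    """Decode one DER TLV at pos -> (tag, value, next_pos); definite lengths only."""
    tag, ln, pos = der[pos], der[pos + 1], pos + 2
    if ln & 0x80:  # long form: low 7 bits give the number of length bytes
        n = ln & 0x7F
        ln, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, der[pos:pos + ln], pos + ln

def _children(seq):  # content of a SEQUENCE -> list of (tag, value) pairs
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = _tlv(seq, pos)
        out.append((tag, val))
    return out

def rsa_key_bits(pem):
    """RSA modulus size in bits of a PEM certificate or PKCS#1/PKCS#8 RSA private key."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    label, der = m.group(1), base64.b64decode("".join(m.group(2).split()))
    _, body, _ = _tlv(der)
    if label == "RSA PRIVATE KEY":  # PKCS#1: SEQUENCE { version, n, e, d, ... }
        n = _children(body)[1][1]
    elif label == "PRIVATE KEY":  # PKCS#8: version, algorithm, OCTET STRING holding PKCS#1
        n = _children(_tlv(_children(body)[2][1])[1])[1][1]
    elif label == "CERTIFICATE":  # tbsCertificate -> subjectPublicKeyInfo -> BIT STRING
        tbs = _children(_children(body)[0][1])
        i = 1 if tbs[0][0] == 0xA0 else 0  # skip the optional [0] EXPLICIT version
        spki = _children(tbs[i + 5][1])  # serial, sigAlg, issuer, validity, subject, spki
        _, rsa_pub, _ = _tlv(spki[1][1][1:])  # BIT STRING: drop the unused-bits byte
        n = _children(rsa_pub)[0][1]
    else:
        raise ValueError("unsupported PEM label: " + label)
    return int.from_bytes(n, "big").bit_length()  # a leading 0x00 sign byte is harmless

# Constructed samples (placeholder numbers, not usable keys) that exercise the parser.
def _der(tag, content):  # minimal DER encoder, definite length form
    n, size = len(content), (len(content).bit_length() + 7) // 8
    ln = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + ln + content
def _int(v):  # DER INTEGER; the spare leading byte keeps the value positive
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
SAMPLE_KEY_PEM = _pem("RSA PRIVATE KEY", _der(0x30, _int(0) + _int((1 << 511) | 1) + _int(65537)))
_spki = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + _der(0x30, _int((1 << 2047) | 1) + _int(65537))))
_tbs = _der(0x30, _der(0xA0, _int(2)) + _int(1) + _der(0x30, b"") * 4 + _spki)
SAMPLE_CERT_PEM = _pem("CERTIFICATE", _der(0x30, _tbs + _der(0x30, b"") + _der(0x03, b"\x00")))
```

Where OpenSSL is installed, the same figure appears as `Public-Key: (N bit)` in the output of `openssl x509 -in cert.pem -noout -text`.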