Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Setting X.509 certificates

    Setting X.509 certificates

    To get started with your SAML configuration, an X.509 certificate and private key are required to sign requests sent to the IdP. This certificate can also be optionally used to encrypt assertions from the IdP.

    Using the FortiDLP Console, you can either upload or paste your own PEM-encoded certificate and key, or generate a self-signed certificate and key.

    How to set the x.509 certificate
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Authentication, select the SAML tab.
    3. Click Configure SAML.
    4. Do one of the following:
      • To upload a certificate and key:
        1. Click Upload certificate.
        2. Select the certificate issued by the IdP.
        3. Click Upload key.
        4. Select the key issued by the IdP.
      • To paste your certificate and key:
        1. In the Certificate field, paste your certificate.
        2. In the Private key field, paste your private key.
      • To generate a certificate and key:
        1. Click Generate.
          The generated certificate will display in the Certificate field at the top of the tab.
          Note

          When configuring ADFS as an IdP, this certificate must also be copied and pasted into a text editor and saved in CER format. You will need to select this later when Configuring SAML with ADFS.

    After you complete these steps, an Exchange information with the IdP section will display on the page. It will provide your Entity ID and ACS URL which you will need to configure SAML at the IdP. It is recommended that you leave this page open while completing the next task, as you will need to return to it.

    To proceed with your configuration, see the following sections:

    Previous
    Next

    Setting X.509 certificates

    Setting X.509 certificates

    To get started with your SAML configuration, an X.509 certificate and private key are required to sign requests sent to the IdP. This certificate can also be optionally used to encrypt assertions from the IdP.

    Using the FortiDLP Console, you can either upload or paste your own PEM-encoded certificate and key, or generate a self-signed certificate and key.

    How to set the x.509 certificate
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Authentication, select the SAML tab.
    3. Click Configure SAML.
    4. Do one of the following:
      • To upload a certificate and key:
        1. Click Upload certificate.
        2. Select the certificate issued by the IdP.
        3. Click Upload key.
        4. Select the key issued by the IdP.
      • To paste your certificate and key:
        1. In the Certificate field, paste your certificate.
        2. In the Private key field, paste your private key.
      • To generate a certificate and key:
        1. Click Generate.
          The generated certificate will display in the Certificate field at the top of the tab.
          Note

          When configuring ADFS as an IdP, this certificate must also be copied and pasted into a text editor and saved in CER format. You will need to select this later when Configuring SAML with ADFS.

    After you complete these steps, an Exchange information with the IdP section will display on the page. It will provide your Entity ID and ACS URL which you will need to configure SAML at the IdP. It is recommended that you leave this page open while completing the next task, as you will need to return to it.

    To proceed with your configuration, see the following sections:

    Previous
    Next