Because communication between the root FortiGate IdP and the FortiGate SPs is secured, you must select a local server certificate for the FortiGate IdP in the IdP certificate option. When a downstream FortiGate SP joins a root FortiGate IdP, the FortiGate SP obtains the certificate automatically. In the following example, the IdP certificate displays REMOTE_CERT_1, which is the root server certificate for the FortiGate IdP.
If you are configuring FortiGate SPs manually, download the certificate from the FortiGate IdP and import it on each SP as part of that manual configuration.
- On the root FortiGate IdP, go to User & Device > SAML SSO.
- Click Identity Provider (IdP).
- Beside IdP certificate, click Download.
  The certificate is downloaded to the local file system.
- On the FortiGate SP, go to User & Device > SAML SSO.
- Click Service Provider (SP).
- Import the downloaded certificate:
  - Beside IdP certificate, click the box, and select Import.
  - Click Upload, and select the certificate for the FortiGate IdP.
  - Click OK.
  The certificate is imported.
- In the IdP certificate list, select the certificate that you imported, and click Apply.
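The download and import steps above move the IdP's signing certificate between devices by hand, so before selecting it in the IdP certificate list on the SP it is worth confirming that the file you uploaded is the same certificate the root FortiGate IdP presents. The following script is an added example, not Fortinet's code and not part of this documentation: it assumes the administrator has noted the certificate's SHA-256 fingerprint on the root FortiGate IdP and compares it against the downloaded PEM file. The certificate embedded in it is a constructed stand-in with a realistic DER envelope, not a real certificate, and the script uses only the Python standard library.

```python
"""Confirm a downloaded IdP certificate before importing it on a FortiGate SP.

Added example for this page; it is not Fortinet's code and does not talk to a
FortiGate. It assumes the administrator has noted the certificate's SHA-256
fingerprint on the root FortiGate IdP and wants to verify that the PEM file
which reached the SP is byte-for-byte the same certificate.
"""
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def check_der_envelope(der: bytes) -> int:
    """Sanity check that the bytes look like a DER certificate: an outer ASN.1
    SEQUENCE (tag 0x30) whose declared length matches the data. Returns the
    declared content length. This is not a full X.509 parse."""
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("not an ASN.1 SEQUENCE; this is not a DER certificate")
    if der[1] & 0x80:                        # long-form length, as real certificates use
        n = der[1] & 0x7F
        declared = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    else:                                    # short-form length (content < 128 bytes)
        declared, header = der[1], 2
    if header + declared != len(der):
        raise ValueError(
            f"declared length {declared} does not match {len(der) - header} data bytes"
        )
    return declared


def pem_to_der(pem_text: str) -> bytes:
    """Extract the first CERTIFICATE block and decode it to DER. Line wrapping
    and CRLF/LF endings do not matter; a missing block or corrupt base64 does."""
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found in file")
    body = re.sub(r"\s+", "", m.group(1))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:                # binascii.Error is a ValueError subclass
        raise ValueError(f"corrupt base64 in certificate: {exc}") from None
    check_der_envelope(der)
    return der


def to_pem(der: bytes) -> str:
    """Wrap DER bytes as a PEM CERTIFICATE block (64-character lines)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated uppercase form that
    certificate viewers and `openssl x509 -fingerprint -sha256` display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(fp: str) -> str:
    """Accept the fingerprint however it was copied: with or without colons,
    upper or lower case, with stray spaces."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def matches(pem_text: str, expected_fingerprint: str) -> bool:
    """True if the PEM file's certificate has the expected SHA-256 fingerprint."""
    actual = sha256_fingerprint(pem_to_der(pem_text))
    return normalize_fingerprint(actual) == normalize_fingerprint(expected_fingerprint)


# --- Constructed stand-in for the downloaded file (NOT a real certificate) ---
# A real DER certificate is an outer SEQUENCE with a two-byte long-form length,
# so the sample mimics only that envelope around filler text.
_filler = b"CONSTRUCTED SAMPLE, NOT A REAL CERTIFICATE. " * 8      # 352 bytes
SAMPLE_DER = b"\x30\x82" + len(_filler).to_bytes(2, "big") + _filler
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    # Fingerprint as it would have been read off the root FortiGate IdP.
    noted_on_idp = sha256_fingerprint(SAMPLE_DER)
    print("downloaded file:", sha256_fingerprint(pem_to_der(SAMPLE_PEM)))
    print("matches IdP:", matches(SAMPLE_PEM, noted_on_idp))
    # A single changed byte in the file is caught before the import step.
    tampered_pem = to_pem(SAMPLE_DER[:-1] + b"X")
    print("tampered copy matches IdP:", matches(tampered_pem, noted_on_idp))
```

Run it against the real downloaded file by reading the PEM into `matches()` together with the fingerprint recorded on the IdP; a mismatch means the file should not be selected in the SP's IdP certificate list. The envelope check only confirms the file is a DER SEQUENCE of consistent length, which catches truncated or mis-copied files; the fingerprint comparison is what ties the file to the certificate on the root FortiGate IdP.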