FortiClient EMS requires an SSL certificate signed by a CA in pfx format. Use your CA to generate a certificate file in pfx format, and remember the configured password. For example, the certificate file name is server.pfx with password 111111.
The server where FortiClient EMS is installed should have an FQDN, such as ems.forticlient.com, and you must specify the FQDN in your SSL certificate.
If you are using a public SSL certificate, the FQDN can be included in Common Name or Subject Alternative Name. You must add the SSL certificate to FortiClient EMS. See Adding SSL certificates to FortiClient EMS for Chromebook endpoints. You do not need to add the root certificate to the Google Admin console.
If you are using a self-signed certificate (non-public SSL certificate), your certificate's Subject Alternative Name must include
DNS:<FQDN>, for example,
DNS:ems.forticlient.com. You must add the SSL certificate to FortiClient EMS and the root certificate to the Google Admin console to allow the extension to trust FortiClient EMS. See Adding root certificates.