Using a CA-signed certificate
In this method, you obtain a CA-signed certificate and install this certificate on your FortiGate to use with SSL inspection. In order to implement SSL inspection, you also need to add another security profile to your policy controlling Internet traffic. You can use either FortiAuthenticator as your CA or a trusted private CA.
If you use FortiAuthenticator as a CA, you generate a certificate signing request (CSR) on your FortiGate, have it signed on the FortiAuthenticator, import the certificate into your FortiGate, and configure your FortiGate to use the certificate for SSL deep inspection of HTTPS traffic.
If you use a trusted private CA, you generate a CSR on your FortiGate, apply for an SSL certificate from the trusted private CA, import the certificate into your FortiGate, and configure your FortiGate so the certificate can be used for SSL deep inspection of HTTPS traffic.