If you’re using a Windows client and want to decrypt SSL/TLS traffic from the client to FortiWeb, there is a simpler way to get the SSL keys instead of retrieving them from FortiWeb diagnose output.
Set a Windows environment variable.
E.g. Create a new environment variable under User variables and select a file named “ssl-keys.log” to store SSL keys.
Set wireshark: edit > preference > protocols > TLS: choose the key file “ssl-keys.log” from "(Pre)-Master-Secret log filename". Then you’ll be able to see that decrypted HTTP traffic.
This method cannot capture and analyze packets from FortiWeb to the backend server.