Using a CA-signed certificate
Obtain and install a CA-signed certificate on FortiGate to use with SSL inspection. To implement SSL inspection, add another security profile to the policy that controls Internet traffic. You can use either FortiAuthenticator as your CA or a trusted private CA.
If you use FortiAuthenticator as a CA, generate a certificate signing request (CSR) on your FortiGate, have it signed on FortiAuthenticator, import the certificate into FortiGate, and configure FortiGate to use the certificate for SSL deep inspection of HTTPS traffic.
If you use a trusted private CA, generate a CSR on your FortiGate, apply for an SSL certificate from the trusted private CA, import the certificate into FortiGate, and configure FortiGate to use the certificate for SSL deep inspection of HTTPS traffic.