c-j
New Member
March 13, 2026
Solved

How to add a web server certificate to FortiEMS 7.4.5


I am trying to figure out how to add a web server certificate to FortiEMS 7.4.5, to be used as the web server cert and the FortiClient certificate. There are 3 options: Let's Encrypt, PKCS12 and PEM. I would like to use PKCS12. I use an outside vendor for this purpose.

There does not appear to be a way to create a CSR on the FortiEMS server. There is no access to the Ubuntu server running on the backend (using the Fortinet image). It's fully locked down. I thought we had to create the CSR on the server being used for FortiEMS. So I tried creating the CSR using OpenSSL running on Windows 11. I was able to upload the CSR to the CA and then was able to download the certificates.

1. Do you need root, intermediate and server cert to create a single .pfx file for upload as PKCS12? Or do I only need the intermediate and server cert?

2. In what order should the certs appear in the PFX file?

3. For creating the CSR, what are the mandatory items required: common name, city, province, etc.?

After creating the PFX file and trying to upload it, I keep getting errors such as "The underlined Subject and Issuer values do not match. Please ensure the uploaded certificate chain is valid." and "Please ensure the uploaded certificate chain is valid."

I am missing something in the steps, I believe. Just not sure what.

Here are the steps I used:

 

1. openssl genrsa -out fortiweb.key 2048
2. openssl req -new -key fortiweb.key -out fortiweb.csr

3. then uploaded CSR to CA.

4. downloaded 3 certificates. root, intermediate and server crt files.

5. Then used openssl to combine certs to one .pfx file:

"openssl pkcs12 -export -out fortiems.pfx -inkey fortiweb.key -in server.crt -certfile intermediate.crt"

 

Does this look correct?

Am I missing something or is there some other way to do this?

Thank you.
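
The upload error quoted in the question refers to Subject and Issuer values that do not match. As an added example (not part of the original post, and not Fortinet's own validation logic), the script below checks that linkage in a PEM bundle, and that the private key belongs to the server certificate, before the `openssl pkcs12 -export` step. File names follow the post; the function names and the three-tier demo chain are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names follow the post; the demo chain is constructed.

# Succeeds only if the PEM bundle is ordered leaf -> intermediate -> root,
# i.e. each certificate's Issuer equals the Subject of the one after it.
# Compares names only; `openssl verify` is what checks the signatures.
chain_in_order() {
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (d "/c" n ".pem")}' "$1"
    [ -f "$tmp/c1.pem" ] || { rm -rf "$tmp"; return 2; }   # no certificate found
    i=1 rc=0
    while [ -f "$tmp/c$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/c$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/c$((i + 1)).pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        [ "$issuer" = "$subject" ] ||
            { echo "cert $i issuer '$issuer' != cert $((i + 1)) subject '$subject'" >&2; rc=1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}

# Succeeds if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Build a constructed three-tier demo chain in directory $1 (test data only).
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/intermediate.key" -out "$d/intermediate.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/intermediate.csr" -CA "$d/root.crt" \
        -CAkey "$d/root.key" -CAcreateserial -out "$d/intermediate.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ems.example.com" \
        -keyout "$d/fortiweb.key" -out "$d/fortiweb.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/fortiweb.csr" -CA "$d/intermediate.crt" \
        -CAkey "$d/intermediate.key" -CAcreateserial -out "$d/server.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo"
cat "$demo/server.crt" "$demo/intermediate.crt" "$demo/root.crt" > "$demo/good.pem"
cat "$demo/server.crt" "$demo/root.crt" "$demo/intermediate.crt" > "$demo/bad.pem"
chain_in_order "$demo/good.pem" && echo "good.pem: ordered leaf -> intermediate -> root"
chain_in_order "$demo/bad.pem" 2>/dev/null || echo "bad.pem: Subject/Issuer mismatch"
```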

funkylicious
SuperUser
March 13, 2026

If the cert is signed by a trusted CA, you don't need the root CA and intermediate, just the signed server cert; convert it into pfx, then upload it to EMS.

"jack of all trades, master of none"
c-j (Author)
New Member
March 16, 2026

I never thought of this. Is this less secure than having the full number of certs?

AEK (Answer)
SuperUser
March 16, 2026

It is not less secure. Almost (or all) web browsers already know public CAs, otherwise they don't trust it.

AEK