Issue when adding FortiGate to FortiManager

I don’t think it’s possible to add Fortigate trial version in FMG and FAZ. I came to the conclusion that :

-In the certificate that a FortiGate running in evaluation mode sends to FortiManager to establish the tunnel, the serial number is missing from the common name field. As a result, FortiManager refuses to establish the connection because the certificate does not meet the validation requirements.

-No amount of configuration or troubleshooting will make the connection succeed. The issue is directly related to the certificate structure, therefore the tunnel cannot be formed in this mode.

@Irah  Since this is VM as FMG by default not allowed the VM connection, can you try to allow the VM connection from FMG site ?

On your FMG open CLI and try below command 

=======================

config sys global

set fgfm-allow-vm enable

end

=====================

Now try to authorised again see whether you can 

Hi

@Irah Can you run below command and upload here ? 

On FortiGate 

==========================

get router info routing-table details 10.0.0.100 

config vpn certificate local
get Fortinet_Factory
exec ping-option data-size 1500

exe ping-options df-bit y
exec ping 10.0.0.100 

exec ping-option data-size 1420

exe ping-options df-bit y
exec ping 10.0.0.100 

show firewall local-in-policy

==========================

On FMG site 

==========================

config system global

get

==========================

@Irah  I can see your FMG has below setting 

set enc-algorithm high 
Can you change to high on FG site as well ?

config system central-management
set enc-algorithm high 
end

Also FortiGate certificate has CN=Fortigate, which it should be serial number 

Which something looks like below 

Which cloud platform is the FortiGate hosted as VM ?

I think that still something to do with your Factory certificate using FortiGate device name instead of serial number, see our previous conversation , if you have valid license file , upload the license file again 

This can also be done via the GUI. Navigate to System -> FortiGuard, expand Virtual machine and choose FortiGate VM license and re-upload the license file.

Or alternatively use command below 

exec vm-license <token>

Those Command might require you reboot the FG afterwards, if this is production enviroment, do this afterhours 

Just checking if someone found a work around this problem. Issue definitely seems to be related to the factory certificate having 'Fortigate' as the CN instead of the serial number.

Is there a way to generate a custom certificate from Fortimanager and install it on Fortigate?

<<<Sample debug output from FMG>>>
2026-03-24 19:13:30 __get_handler:1039: peer_sn=FortiGate, msg_sn=FGVMEWSDFG4UIY54, session_cn=FortiGate
2026-03-24 19:13:30 __get_handler:1082: serial number (FGVMEWSDFG4UIY54) in 'get' message doesn't match the subject CN (FortiGate) in peer's certificate.