If you are using a private CA, the certificate you need to import will go into Glassfish, the Java EE backend that FortiSIEM uses.
On the supervisor:
1) If you don't have the server's cert handy, you can query it directly and stuff in a fileecho -n | openssl s_client -connect <ldap server ip>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/<cert name>.cert
2) The resulting cert file in /tmp you can then use keytool to import into Glassfish java cert store
The below you can import the CA cert if you have it, or just use ldap server cert for both imports
keytool -import -trustcacerts -alias ldapserverx -keystore /opt/glassfish/domains/domain1/config/cacerts.jks -file /tmp/somecert.crt
keytool -import -trustcacerts -alias ldapserverx -keystore /opt/glassfish/domains/domain1/config/keystore.jks -file /tmp/somecert.crt
If password prompt, type: "changeit"
3) Lastly restart java to take effect
killall -9 java
4) Wait about 3-6 minutes before UI responds again, relogin.
I agree I think there should be a UI option to import certificates into the Java cert store dynamically, I'll talk to the Fortinet team and place that feature request.