This article describes how to sign a certificate with a Subject Alternative Name (SAN) for the FortiGate admin GUI using FortiAuthenticator.
Assign the local certificate to the FortiGate admin interface after signing it on FortiAuthenticator.
Consider a user who has both FortiGate and FortiAuthenticator and wants to sign the certificate on FortiAuthenticator (FortiAuthenticator acts as the certificate authority), import it to FortiGate, and configure it for the FortiGate admin GUI. After signing the certificate and installing the CA certificate in the browser store or on the local system, accessing the FortiGate admin GUI in Chrome shows an 'Invalid Certificate' message.
This is because of an incorrect SAN.
If the Certificates feature is not available under System, enable it from System -> Feature Visibility -> Certificates and select 'Apply'.
Generating the CSR on FortiGate.
Important reminders when creating the CSR: Make sure that the required information is filled in. For this example, an IP address for GUI access is used, but it is possible to use a Domain Name too if FortiGate is accessed via FQDN or DNS.
For the Subject Alternative Name (SAN), make sure that the parameters are correct. For an FQDN, use DNS:Your-FQDN, and for an IP, use IP Address:Your-IP.
Use a comma and a space to add more entries. The final entry should look like this: DNS:fgt.fortinet.com, IP Address:10.5.20.141. Afterwards, select 'Okay.'
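A pre-submission check for the SAN string, added here as an example (it is not Fortinet code): it parses the format given above and confirms that the address used to reach the admin GUI is covered. The function names are hypothetical, only the DNS and IP Address entry types named in this article are accepted, and hostnames are compared exactly with no wildcard handling.

```python
import ipaddress

# SAN string from this article's example; the hosts checked below are constructed.
EXAMPLE_SAN = "DNS:fgt.fortinet.com, IP Address:10.5.20.141"


def parse_san(field):
    """Split the SAN field into (kind, value) pairs; ValueError on a bad entry."""
    entries = []
    for raw in field.split(","):
        item = raw.strip()
        kind, sep, value = item.partition(":")  # first ':' only, so IPv6 survives
        kind, value = kind.strip(), value.strip()
        if not sep or not value:
            raise ValueError(f"{item!r} is not in TYPE:value form")
        if kind == "DNS":
            try:
                ipaddress.ip_address(value)
            except ValueError:
                entries.append(("DNS", value.lower()))
                continue
            # Browsers match an IP literal only against IP-type SAN entries.
            raise ValueError(f"{value} is an IP; write 'IP Address:{value}'")
        elif kind == "IP Address":
            entries.append(("IP", ipaddress.ip_address(value)))  # validates the IP
        else:
            raise ValueError(f"unexpected SAN type {kind!r} in {item!r}")
    return entries


def san_covers(field, host):
    """True if the host typed into the browser exactly matches a SAN entry."""
    try:
        target = ("IP", ipaddress.ip_address(host))
    except ValueError:
        target = ("DNS", host.lower().rstrip("."))
    return target in parse_san(field)


if __name__ == "__main__":
    for host in ("10.5.20.141", "fgt.fortinet.com", "10.5.20.142"):
        print(host, "covered" if san_covers(EXAMPLE_SAN, host) else "NOT covered")
```

Run the check with the exact address or FQDN that will be typed into the browser, since a SAN that is well-formed but lists a different name still produces the certificate error.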