Matt_B
Staff & Editor
Article Id 422533
Description: This article describes a known issue preventing the use of computer certificates for authenticating to IPsec VPN after upgrading to FortiClient Windows v7.4.4.
Scope: FortiClient Windows v7.4.4.
Solution:

FortiClient can access certificates in the computer store for authenticating to the IPsec VPN.

Note: 

Even if computer account certificates are visible in FortiClient, 'Allow non-administrators to use machine certificates' must be checked in EMS, or '<run_fcauth_system>' must be enabled in XML configuration for FortiClient to have access to the certificate private key.

 

In FortiClient Windows v7.4.3 and v7.2.x versions, this works as expected. After upgrading to v7.4.4, the IPsec VPN connection fails to establish with a 'CertificateSignFailed' error (the certificate is still selectable in FortiGate GUI).

 


This is the result of a permissions issue triggered by the upgrade and is tracked as Issue ID# 1205084 (see New Known Issues). A fix is scheduled for inclusion in the upcoming FortiClient v7.4.5.


Note:

FortiClient can access system certificates in the logged-in user's user store without additional configuration.

 

Resolution:

Upgrade to FortiClient Windows v7.4.5 and ensure <run_fcauth_system> is enabled.

 

<run_fcauth_system>1</run_fcauth_system>

 

Workaround:
Re-import or regenerate the certificate, including the private key.
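
The following script is an added example, not Fortinet code. It checks the two prerequisites described above: that <run_fcauth_system> is set to 1 in an exported FortiClient XML configuration, and that the certificates in the computer store still have a private key attached. The $ConfigPath parameter is a hypothetical path to an unencrypted configuration export, and the element is searched for anywhere in the file rather than at an assumed location.

```powershell
# Added example, not Fortinet code. $ConfigPath is a hypothetical path to an
# exported, unencrypted FortiClient XML configuration file.
param(
    [Parameter(Mandatory = $true)] [string] $ConfigPath
)

# 1. Report every <run_fcauth_system> element, wherever it sits in the file.
[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$nodes = $config.SelectNodes('//run_fcauth_system')
if ($nodes.Count -eq 0) {
    Write-Warning "No <run_fcauth_system> element found in $ConfigPath."
}
$nodes | ForEach-Object {
    [pscustomobject]@{
        ParentElement = $_.ParentNode.Name
        Value         = $_.InnerText.Trim()
        Enabled       = ($_.InnerText.Trim() -eq '1')
    }
} | Format-Table -AutoSize

# 2. List computer-store certificates and whether a private key is attached.
#    RsaKeyOpens is tested in the context running this script, which is not
#    necessarily the context FortiClient uses; non-RSA keys report False.
$ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $opens = $false
    if ($_.HasPrivateKey) {
        try   { $opens = ($null -ne $ext::GetRSAPrivateKey($_)) }
        catch { $opens = $false }   # e.g. access denied or missing key container
    }
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        RsaKeyOpens   = $opens
    }
} | Format-Table -AutoSize
```

A certificate that shows HasPrivateKey as False is a candidate for the workaround above (re-import or regenerate it, including the private key).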