Nishtha_Baria
Article Id 276631
Description This article describes how to troubleshoot and resolve the error 'Failed to verify the certificate for server, EMS certificate not trusted'.
Scope FortiClient EMS, FortiGate.
Solution

The error message 'Failed to verify the certificate for server, EMS certificate not trusted' can occur when there are issues with certificate validation during the FortiGate-FortiClientEMS communication process.


Note: If VDOMs are being used, upload the certificate to the global VDOM in addition to the VDOM that the fabric connector is in.

 

Troubleshooting steps:

 

  1. Navigate to Administration -> Fabric Devices: Within the EMS console, go to the 'Administration' menu and select 'Fabric Devices'.
  2. Verify Device Authorization: Check whether the device is listed and authorized in the 'Fabric Devices' section. If it is already authorized, this means that the device has previously communicated with EMS.
  3. Temporarily Disable Connection: To address potential communication issues, disable the connection between FortiGate and EMS. This can be done on the FortiGate side. Temporarily disabling the connection allows it to be re-established later.
  4. Reconnect and Provide a New Certificate: After disabling the connection, reconnect the FortiGate to EMS. During this reconnection process, there might be a prompt to provide a new certificate.
  5. Accept the New Certificate: When prompted to provide a new certificate, accept the new certificate provided by FortiGate. This step is essential to establish trust between the devices.
  6. Monitor for Successful Reconnection: Once the reconnection is complete, monitor the FortiGate and EMS for successful communication. Ensure that the error message 'Failed to verify the certificate for server, EMS certificate not trusted' no longer appears.
  7. Check the FortiGate certificate store for the EMS CA certificate: The FortiGate verifies the EMS server certificate against the CA certificates installed in its certificate store. If the issuing CA is not installed, manually uploading the CA certificate onto the FortiGate may resolve the issue.
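
Before uploading a CA certificate for step 7, it helps to confirm that the file really is the CA that issued the EMS server certificate. The script below is an added example, not part of the original article or Fortinet code: it assumes OpenSSL on an admin workstation, and every file name and certificate subject in it is constructed for the demo.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumes OpenSSL on an admin workstation.
# Every file name and certificate subject below is constructed for the demo.

# ems_cert_trusted CA_FILE SERVER_CERT
# Returns 0 only if SERVER_CERT chains to CA_FILE and is within its validity period.
ems_cert_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ems_cert_issuer SERVER_CERT
# Prints the issuer DN: the CA that has to be in the FortiGate certificate store.
ems_cert_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# make_demo_pki DIR
# Builds a constructed lab PKI: the CA that signed the EMS certificate (ca.pem),
# an unrelated CA (other.pem) and the EMS server certificate (ems.pem).
make_demo_pki() {
    d=$1
    for name in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Lab $name CA" \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ems.lab.example" \
        -keyout "$d/ems.key" -out "$d/ems.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/ems.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/ems.pem" 2>/dev/null
}

# report CA_FILE SERVER_CERT: one-line verdict for a candidate CA file.
report() {
    if ems_cert_trusted "$1" "$2"; then
        echo "OK   $1 validates $2"
    else
        echo "FAIL $1 does not validate $2 (issuer: $(ems_cert_issuer "$2"))"
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
report "$demo_dir/ca.pem" "$demo_dir/ems.pem"      # issuing CA: the file to upload
report "$demo_dir/other.pem" "$demo_dir/ems.pem"   # unrelated CA: cannot validate it
rm -rf "$demo_dir"
```

In a real environment, call `report` with the CA file you intend to upload and the EMS server certificate exported from EMS instead of the constructed demo files.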