bvagadia
Staff
Article Id 203882
Description This article describes the steps to follow to avoid certificate errors when accessing FortiGate.
Scope FortiGate.
Solution

The certificate warning can be avoided with the procedure below only for HTTP-to-HTTPS redirection authentication traffic. For this, use the same *.example.com wildcard certificate that is in the Local Certificate Store. This example follows all the steps required to create and install a local certificate on the FortiGate unit, without using CA software.

To generate a certificate request on the FortiGate unit - web-based manager:

  1. Go to System -> Certificates -> Local Certificates.
  2. Select Generate.
  3. In the Certificate Name field, enter 'FGT'.

Note:
Do not include spaces in the certificate name. This will ensure the compatibility of a signed certificate as a PKCS12 file to be exported later on if required. Since the IP address is private, we will use the FQDN instead.

 

  4. Select Domain Name, and enter fgt.example.com.
  5. Enter values in the Optional Information area to further identify the FortiGate.
  • Organization Unit - Support
  • Organization - Example.com
  • Locality (City) - Bangalore
  • State/Province - Karnataka
  • Country - INDIA
  • E-mail - fgt@example.com
  6. From the Key Size list, select 2048 Bit or the most secure option available.
  7. In the Enrollment Method, select File-Based to generate the certificate request.
  8. Select OK. The request is generated and displayed in the Local Certificates list with a status of PENDING.
  9. Select the Download button to download the request to the management computer.
  10. In the File Download dialog box, select Save and save the Certificate Signing Request on the local file system of the management computer.
  11. Name the file and save it on the local file system of the management computer.

 

Note:
If an IP address is used instead of the FQDN, make sure to include it in the "Subject Alternative Name" field.


Import the SSL certificate into FortiOS and assign it to admin access:

  1. Go to System -> Certificates -> Local Certificates.
  2. Select Import -> Local Certificate and choose the certificate file.
  3. Select OK.
  4. To assign the certificate for admin access, navigate to System -> Settings -> Administration Settings -> HTTPS server certificate.

 

On PC Browser

  1. Add the CA certificate to the browser.
  2. When accessing FortiGate using HTTPS with a domain name (https://fgt.example.com), users will get the login prompt without a certificate error.
  3. Avoid the certificate warning using the procedure described above only for HTTP-to-HTTPS redirection authentication traffic. For this, use the same *.example.com wildcard certificate that is in the Local Certificate Store.
  4. When identity-based authentication is enabled and users access HTTPS sites, FortiGate will redirect to https://fgt.example.com:1003 without a certificate warning.
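The name checks behind the steps above can be reproduced before a certificate is imported. The following is an added example, not part of the original article or any Fortinet tooling: it assumes the browser matches only Subject Alternative Name entries, and the function names, SAN lists and the address 192.168.1.99 are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one SAN DNS entry; '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # *.example.com covers fgt.example.com, not example.com or a.fgt.example.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(san_entries, target):
    """san_entries: list of ("DNS", name) or ("IP", address); target: host in the URL."""
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        # An address is only accepted from an IP-type SAN entry, never from a DNS entry.
        return any(kind == "IP" and ipaddress.ip_address(val) == want
                   for kind, val in san_entries)
    return any(kind == "DNS" and dns_name_matches(val, target)
               for kind, val in san_entries)

# Constructed SAN sets for the certificates discussed in this article.
WILDCARD = [("DNS", "*.example.com")]
FGT_ONLY = [("DNS", "fgt.example.com")]
FGT_WITH_IP = [("DNS", "fgt.example.com"), ("IP", "192.168.1.99")]

if __name__ == "__main__":
    for label, san in (("wildcard", WILDCARD), ("fgt", FGT_ONLY),
                       ("fgt+ip", FGT_WITH_IP)):
        for target in ("fgt.example.com", "example.com", "192.168.1.99"):
            result = "ok" if cert_covers(san, target) else "WARNING"
            print(f"{label:9} https://{target:<16} {result}")
```

The port in https://fgt.example.com:1003 plays no part in the match, so the wildcard certificate covers the authentication redirect as long as the redirect uses the FQDN.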


Related article:
Technical Tip: Certificate Error in Admin Access - Fortinet Community