There is a new feature introduced in FortiProxy 7.4.0 version, which can be used to configure a secure (HTTPS) download of a PAC file from FortiProxy.

Follow these steps to configure it:

1. Generate a server certificate to be used on the FortiProxy for the requests from the client. See Technical Tip: How to generate a self signed server certificate for instructions on how to generate the server certificate.
   
   
2. Configure the captive portal to serve the PAC file (run from the related VDOM, not from global):

config authentication setting

    set captive-portal-type ip    <-- FQDN or IP can be used.

    set captive-portal-ip 172.31.143.62   <-- Captive portal interface and proxy interface need not be same.

    set captive-portal-ssl-port 9090

end

Note: Enable proxy-captive-portal on the interface.

3. Configure the web proxy on FortiProxy:

config web-proxy explicit-proxy

    edit web-proxy

        set status enable

        set interface port3         <----------- IP address 172.31.143.62.

        set http-incoming-port 8080

        set pac-file-server-status enable

        set pac-file-name "mypacfile.pac"

        set pac-file-data "function FindProxyForURL(url, host) { //pacfiletest return \"PROXY 172.31.143.62:8080\"; }

end

4. Configure the end client to fetch the PAC file from FortiProxy as shown below: