FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 190389
This article describes how to install a new certificate when Fortinet_Wifi certificate is expired.

FortiOS built in certificate Fortinet_Wifi will expire on May 24, 2019. This can lead to an issue related to wireless authentication when they are expired if the device is running FortiOS 5.6 or lower versions of software.

This may impact all FortiGate and FortiWifi devices using SSID’s with WPA2 Enterprise authentication and with local user groups configured to authenticate such WiFi.

SSID configuration example:

From the GUI

From the CLI:
Fortinet_Wifi# get system status
Version: FortiWiFi-61E v5.6.9,build1673,190513 (GA)

Fortinet_Wifi# show wireless-controller vap wifi

config wireless-controller vap
    edit "wifi"
        set vdom "root"
        set ssid "CertTest-WPA2"
        set security wpa2-only-enterprise
        set auth usergroup
        set usergroup "LOCALS"
        set schedule "always"

Fortinet_Wifi# show user group LOCALS
config user group
    edit "LOCALS"
        set member "userlocal"

Fortinet_Wifi# show user local userlocal
config user local
    edit "userlocal"
        set type password
        set passwd-time 2019-05-19 06:51:10
        set passwd ENC


Certificate validity can be checked from GUI providing the option is enabled:

System Certificates Fortinet_Wifi

Any FortiGate with “Fortinet_Wifi” certificate showing an expiry date of 2019-05-24 could be impacted.

Possibly Affected Products:

Any FortiGate Model running FortiOS 5.6 version or lower.

FortiWifi using internal Wifi and FortiGate/FortiWifi devices configured as Wireless controllers and managing FortiAP(s) as long as the users are configured to authenticate using WPA2 Enterprise with local users.

There are several options to prevent the certificate expiry from occurring.

Option 1: Create a new certificate

1) Create a new certificate as shown in the example below.

Then have the certificate signed as intermediate non-signing CA by your own CA or a 3rd party CA.

Further details can be found on the Fortinet documentation site here.

Option 2: Upgrade to the latest FortiOS firmware

Starting with FortiOS 6.0.1, the “Fortinet_Wifi” certificate is updated periodically and automatically through FortiGuard.

Technical Support Contact Information can be found here.
Fortinet Technical Support home page can be found here.