The following commands can be used to check whether a certificate can be renamed. The '?' command is used to show the list of all available sub-commands in a particular context.

When multi-VDOM mode is enabled or disabled:

config vpn certificate {local | ca | remote | ocsp-server | crl}
?

When multi-VDOM mode is enabled but in Global-VDOM:

   config certificate {local | ca | remote | ocsp-server | crl}
   ?

edit: Add/edit a table value.
delete: Delete a table value.
purge: Clear all table values.
rename: Rename a table entry.  <----- Rename is available.
get: Get dynamic and system information.
show: Show configuration.
end: End and save the last config.

The rename command can then be used as shown below:

 FGT(CA) # rename <old-cert_name> to <new-cert_name>

The following example shows how to change the name of the CA cert:

FGT# config vpn certificate ca

    FGT(ca) # show
        config vpn certificate ca
            edit "CA_Cert_1"
                set range global
            next
        end

FGT(ca) # rename CA_Cert_1 to FSRAO_CA_CERT

SDC-INTFW-01 (ca) # show
    config vpn certificate ca
        edit "FSRAO_CA_CERT"             <----- Cert is renamed.
            set range global
        next
    end

The following example shows how to change the name of the CA cert in Global-VDOM:

FGT (global)# config certificate ca

    FGT(ca) # show
        config certificate ca
            edit "CA_Cert_1"
                set range global
            next
        end

FGT(ca) # rename CA_Cert_1 to FSRAO_CA_CERT

SDC-INTFW-01 (ca) # show
    config certificate ca
        edit "FSRAO_CA_CERT"             <----- Cert is renamed.
            set range global
        next
    end

Renaming a certificate could potentially disrupt services that rely on the old certificate name. To list services using the certificate, use the following command: 

diagnose vpn certificate list-usage <old-cert_name>