FortiGate
Umer221
Staff
Article Id 278490
Description: This article describes how to troubleshoot and resolve the ERR_CERT_AUTHORITY_INVALID error in Google Chrome when behind a FortiGate.
Scope: FortiGate, Google Chrome.
Solution

Error:

 


The problem occurs when a user tries to access a website via Google Chrome and encounters the error ERR_CERT_AUTHORITY_INVALID. This error means Chrome has determined that the SSL certificate presented for the site was not issued by a trusted Certificate Authority.

 

Generally, a user would see this error when the site they intended to visit is blocked by the firewall. Usually 'Web Filter', 'Application Filter', and the 'DNS Filter' are the most likely to generate this page.

If both the web filter and application control are applied in the same policy and the site is exempted in the web filter, make sure the matching application signatures are also allowed in the application control profile so that the page can be accessed without error.

 

It is possible to confirm this by navigating to Log & Report -> Security Events and checking the logs for each feature with the user's source IP.

The FortiGate is the one signing the certificate for the block page, which is why the browser treats it as untrusted.

If the intention is to block the site and make the page visible, it is possible to have the browser trust the blocked page.
There are a few different ways to do this.

If already using certificates in AD, import the CA cert from the LDAP server into the FortiGate to sign the page presented to the client.

 

Here are the steps for that: How to use custom certificate for FortiGate Block ... - Fortinet Community.


It is also possible to install the FortiGate's CA certificate on the client instead. This is also needed when doing Deep Inspection.
Make sure the Fortinet_CA_SSL certificate is listed under 'Trusted Root Certification Authorities' in the browser:

  • Navigate to Settings -> Privacy and Security -> Security -> Manage certificates.

 


  • Navigate to the Trusted Root Certification Authorities and import the certificate as needed:
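
The same check can be scripted on the affected Windows client. The PowerShell below is an added example, not part of the original article: it confirms whether the CA certificate exported from the FortiGate is in a Trusted Root store and whether the certificate presented for the site was issued by that CA. The file path and host name are placeholders to replace.

```powershell
# Added example. Assumptions: $CaFile is the Fortinet_CA_SSL certificate exported
# from the FortiGate (hypothetical path); $TargetHost is the site showing the error.
param(
    [string]$CaFile     = 'C:\Temp\Fortinet_CA_SSL.cer',   # hypothetical path
    [string]$TargetHost = 'blocked.example.com',           # placeholder host
    [int]$Port          = 443
)

$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile

# 1. Is the exported CA present in a root store used by Chrome on Windows?
#    Matching on thumbprint avoids guessing the certificate's subject name.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$hits = foreach ($s in $stores) {
    Get-ChildItem -Path $s | Where-Object Thumbprint -eq $ca.Thumbprint |
        ForEach-Object { $s }
}
if ($hits) { "CA $($ca.Thumbprint) found in: $($hits -join ', ')" }
else       { "CA $($ca.Thumbprint) is NOT in any Trusted Root store" }

# 2. Who issued the certificate actually presented for the site?
#    The callback accepts any certificate because the goal is only to read it;
#    no application data is sent over this connection.
$tcp = New-Object System.Net.Sockets.TcpClient($TargetHost, $Port)
try {
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors) $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($TargetHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
    "Presented subject: $($leaf.Subject)"
    "Presented issuer : $($leaf.Issuer)"
    if ($leaf.Issuer -eq $ca.Subject) {
        'Issuer matches the exported FortiGate CA: the page was signed by the FortiGate.'
    } else {
        'Issuer differs from the exported FortiGate CA.'
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

If the issuer matches but the CA is not in a root store, importing it as described above resolves the browser error; if the issuer does not match, the FortiGate is signing with a different CA than the one exported.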

 


Related articles:

Technical Tip: GUI Untrusted HTTPS server certificate 
Technical Tip: Certificate Error in Admin Access