bksol92 (Staff)
Article Id 378427
Description: This article explains the mechanism behind ADOM CA certificate creation in FortiManager.
Scope: FortiManager
Solution:

When a device's policy package is installed for the first time, FortiManager pushes the default CA certificate that was created in the ADOM; this certificate is named after the ADOM itself.

Figure: ADOM CA cert in Install Preview

Figure: ADOM CA cert in Policy & Objects

Because the ADOM CA certificate is named after the current ADOM name, a new ADOM CA certificate is generated whenever the ADOM is renamed:

Figure: Renaming existing ADOM

Figure: New CA certificate generated

Because CA certificates are treated as an ADOM-level configuration, FortiManager will attempt to install the new CA certificate on every managed device in the ADOM during that device's next policy package installation:

Figure: Pushing new ADOM CA certificate

Since this clutters both FortiManager and the managed FortiGates with unnecessary CA certificates every time the ADOM is renamed, the unnecessary CA certificates can be deleted under Policy & Objects -> Advanced -> CA Certificates so that they are no longer installed on the FortiGate:

Figure: ADOM renamed again
