The following objects are used as examples for this scenario:

• Virtual Server.
• Dynamic Local Certificate.

To configure Virtual Server in FortiManager, navigate to Policy & Objects -> Firewall Objects -> Virtual Server. This feature needs to be enabled in Feature Visibility.

As shown in the following image, the server is configured as type 'TCP', and no references to the local certificate are made in the GUI, as it is not an option:

To configure a Dynamic Local Certificate, navigate to Policy & Objects -> Advanced -> Dynamic Local Certificate.

From the screen, 'right-click' the certificate and select 'Where Used'. From the pop-up panel, the reference to the Test1 Virtual Server can be seen:

For this example, the behavior happens due to an updated configuration of the object. The object 'Test1' used to be configured as type 'HTTPS'. Under this type, the certificate can be referenced as part of the configuration, as shown in the following image:

When the server type is HTTPS, the 'SSL Offloading' section will appear on the GUI to refer to the certificate. However, when changing the type to TCP, the 'SSL Offloading' section will not appear in the GUI, as that part of the configuration belongs to a Virtual Server with type HTTPS.

After the change, the configuration remains embedded; however, it is not used as part of the installation. This explains the reference that is being made, even though the configuration does not appear in the GUI.

To remove the reference, edit the Virtual Server to type HTTPS and ensure the certificate configuration appears on the GUI. Then, remove the reference and change the type back to TCP.

Another way that can be used to remove the reference is to go to Policy & Objects -> Advanced -> CLI Configuration. From the page, navigate to the object that contains the references, for this example, Firewall VIP. After the object is identified, select Edit, and a pop-up panel will appear. The panel will contain all related configurations regardless of the type of Server: