Speaking in Fortiweb words, there're two approaches to this: ssl offloading and ssl inspection.
Both enable the waf to inspect HTTPs traffic for viruses, etc.
Main difference is the place where you ends the ssl tunnel.
In ssl offloading, webserver certificate and key you must upload to fortiweb enable the traffic decryption and further analysis. The usual config is terminate SSL session in the Fortiweb and forward plain HTTP to protected backend webservers (reducing processing load in webs servers)
In SSL inspection, fortiweb it's not the ssl tunnel terminator, certificate and keys are both in the web servers and fortiweb,; traffic flows continuosly from client to servers, if this is not an attack, fortiweb allows it. However, Fortiweb decrypts a copy of the traffic in order to scan for viruses, malware or threats; it forwards the original, encrypted packets to webserver.
If you already configured your Server Policy, enabled HTTPS service, uploaded certificates, you have ssl offloading working; clicking in advanced ssl settings, you also could fine tune SSL aspects.
If you want configure ssl inspection in fortiweb terms, go to your defined server pools, and enable SSL to trigger inspection.
More and (better explained I guess) in: