yes, we have a public signed certificate on our Fortigate, too.
In your case we used a linux computer with openssl tools, created a private key, created a CSR (certificate signing request) and ordered with this CSR a public signed certificate at a CA (certificate authority).
Nearly all of the CAs you can order www.example.com and you get the hostname example.com in the certificates for free...
After getting the signed certificate from the CA we imported this with the private key (stilled stored on the linux-system) on the Fortigate. I used the CLI with SSH (because you can define very simple a speeking name for the certificate/key handle), my coworker use the GUI.
The now created handle you can use for all SSL related configrations within your Fortigate or vdom.
Of course you need a DNS-record (A and/or AAAA) with the ip-address of the Fortigate. For testing a line with ip-address and hostname in etc/hosts-file works as well for this one source-system.
have fun with this