michellem812,
I was sort of new to certificates when I first started messing with this as well. In case you haven' t gotten the answer you' re looking for let me explain what you' ll need to do:
First, the reason the signed cert from Verisign (or from any other Certificate Authority) isn' t working is because what you actually need is a Certficate Authority cert (a sub-ca or ca as mentioned above). No public Certificate Authority will issue a sub-ca or ca level cert to a customer because it would allow that customer to sign further certificates and appear as if they were that public Certificate Authority. This would break the " trust" for that vendor.
The cert you received from Verisign is likely to be a run-of-the-mill server certificate. It can be used to sign traffic for a device with a particular address only and cannot be used to sign further certs, which is what you need.
The FortiGate uses the ca or sub-ca certificate to dynamically create and sign further server certificates for the hosts you attempt reach through it. The short explanation of this process is that it is an authorized " man-in-the-middle" attack on the SSL-secured traffic where the FortiGate asserts itself as the source of your traffic and talks to the remote host on your behalf. It then relays the responses back to you signed with a new cert it generated from the ca/sub-ca for that session.
To acquire the ca/sub-ca cert you' ll have to setup a private Certificate Authority within your organization. Setting one of those up would take up more time than I have, but if you are in a Microsoft environment (AD2003 or greater) then the process isn' t too difficult. After you have your private CA setup you will then need to distribute the CA cert to your internal hosts so that they trust it (again, easy to do with Active Directory GPOs) and finally import that ca/sub-ca cert into the FortiGate.
It seems a lot more complex than it really is. Just do some research on setting up a Private Key Infrastructure (PKI) for your organization and you' ll have the tools you need to get HTTPS inspection working.
As a side piece of advice: when setting up your PKI consider having at least two CA servers. The first, the root CA, should issue a cert to the second subordinate-CA. Then shut down the first and only issues further certs from the sub-CA. This will allow you to easily revoke certificates should your Certificate Authority ever become compromised.