DPadula
Staff
Article Id: 304570
Description: This article describes how to fix the EMS error (-1@_get_capabilities:471).
Scope: FortiGate v7.0.x.
Solution

When an EMS server is added to the FortiGate settings, the EMS needs to authorize the FortiGate before they can communicate properly. 
If an EMS server was already added to the FortiGate settings but the message "Failed to verify the certificate for server 'server_name' with Error (-1@_get_capabilities:471)" appears, make sure FortiGate can communicate properly with the EMS server.

 


Checking the FortiGate settings for EMS via CLI:

 

config endpoint-control fctems
  edit 1
    set status enable
    set name "HLZ1-EMS-01_Default"
    set server "10.68.243.30"
    set capabilities fabric-auth silent-approval websocket websocket-malware push-ca-certs common-tags-api
  next
end

 

From the CLI, FortiGate cannot communicate with the EMS server:

 

LAB-FGT (root) # execute ping 10.68.243.30
PING 10.68.243.30 (10.68.243.30): 56 data bytes

--- 10.68.243.30 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

LAB-FGT (root) #

 

Once the communication between EMS and FortiGate is restored, it is necessary to accept the certificate again.
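
A failed ping only shows that ICMP is not getting through, while the connector talks to EMS over TLS. The following added example (not part of the original article or of any Fortinet tooling) checks TCP reachability and prints the SHA-256 fingerprint of the certificate the EMS server presents, so it can be compared with the EMS console before the certificate is accepted on the FortiGate. It assumes the EMS service listens on TCP 443 and that the script runs on a host that shares the FortiGate's network path to EMS; the function names are illustrative.

```python
import hashlib
import socket
import ssl

EMS_HOST = "10.68.243.30"  # EMS address from the fctems config shown above
EMS_PORT = 443             # assumption: EMS HTTPS service on the default port


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes (no ICMP involved)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def sha256_fingerprint(der_cert):
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert(host, port, timeout=3.0):
    """Fetch the server's leaf certificate (DER) without validating it.

    Validation is disabled on purpose: the goal is to read the fingerprint of
    whatever certificate is presented so a person can compare it with the EMS
    console before accepting it on the FortiGate.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_ems(host=EMS_HOST, port=EMS_PORT):
    """Return (reachable, fingerprint or None) for the EMS HTTPS service."""
    if not tcp_reachable(host, port):
        return False, None
    try:
        return True, sha256_fingerprint(fetch_server_cert(host, port))
    except OSError:  # includes ssl.SSLError and timeouts
        return True, None  # port is open but the TLS handshake failed


if __name__ == "__main__":
    reachable, fingerprint = check_ems()
    print(f"{EMS_HOST}:{EMS_PORT} reachable={reachable} sha256={fingerprint}")
```

A result of reachable=False points to routing or firewall policy between the two devices; reachable=True with a fingerprint that differs from the one shown on EMS means the certificate should not be accepted until the difference is explained.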

 
