After getting to a machine with OpenSSL installed (I used an Ubuntu Server for this purpose), generate a CSR and fill in the details asked. You will also be prompted to set a pass phrase for the private key:
jrelhak@ubuntu-server-jr:~$ openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
Upload the CSR to the CA (I used GoDaddy in this case). Save the PEM and the CRT bundle file back to the machine where the CSR was generated, then convert the PEM and key, together with the GoDaddy bundle, into a PFX. You’ll be asked for the previously set private key password and to set a PFX password:
jrelhak@ubuntu-server-jr:~$ openssl pkcs12 -export -out sslvpn.pfx -inkey PRIVATEKEY.key -in 85bff5d78f00ce1.pem -certfile gd_bundle-g2-g1.crt
Enter pass phrase for PRIVATEKEY.key:
Enter Export Password:
Verifying - Enter Export Password:
jrelhak@ubuntu-server-jr:~$
Verify PFX was created:
jrelhak@ubuntu-server-jr:~$ ls
85bff5d78f00ce1.crt 85bff5d78f00ce1.pem gd_bundle-g2-g1.crt MYCSR.csr PRIVATEKEY.key sslvpn.pfx
Upload the PFX to the FortiGate as a local certificate and enter the export password.
From the CLI you can see the certificates under “config vpn certificate local”.
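Listing the directory only shows that sslvpn.pfx exists. The following added example (not part of the original post) checks before upload that PRIVATEKEY.key, MYCSR.csr and the issued certificate share one public key and that the PFX carries the leaf plus the chain. A throwaway CA stands in for GoDaddy so it runs offline; issued.pem, ca.key, ca.crt and both passwords are constructed names and values.

```bash
#!/usr/bin/env bash
# Added example. File names follow the article; issued.pem, ca.key, ca.crt and
# both passwords are constructed sample values.
# pass: arguments show up in the process list; outside a demo, let openssl prompt.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pub_fp() {  # usage: pub_fp key|csr|cert FILE [KEY_PASSPHRASE]
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -passin "pass:$3" -pubout 2>/dev/null) ;;
    csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pub" ] || return 1   # unreadable input must never count as a match
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True only if key, CSR and issued certificate carry the same public key.
keys_match() {  # usage: keys_match KEY CSR CERT KEY_PASSPHRASE
  local k r c
  k=$(pub_fp key "$1" "$4") && r=$(pub_fp csr "$2") && c=$(pub_fp cert "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Count the certificates stored in a PFX (leaf plus chain); keys are not dumped.
pfx_cert_count() {  # usage: pfx_cert_count PFX EXPORT_PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Constructed stand-in for the CA step: a throwaway CA signs the CSR, then the
# PFX is built with the same pkcs12 command the article uses.
make_fixture() {  # usage: make_fixture DIR
  ( cd "$1" &&
    openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr \
      -subj "/CN=vpn.example.test" -passout pass:keypass &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Constructed Test CA" -days 1 &&
    openssl x509 -req -in MYCSR.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out issued.pem -days 1 &&
    openssl pkcs12 -export -out sslvpn.pfx -inkey PRIVATEKEY.key -in issued.pem \
      -certfile ca.crt -passin pass:keypass -passout pass:pfxpass
  ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_fixture "$d" &&
  keys_match "$d/PRIVATEKEY.key" "$d/MYCSR.csr" "$d/issued.pem" keypass &&
  echo "key/CSR/cert match; PFX holds $(pfx_cert_count "$d/sslvpn.pfx" pfxpass) certificates"
rm -rf "$d"
```

With the real files, call keys_match with the CA-issued PEM in place of issued.pem; a mismatch means the certificate was issued for a different CSR or the wrong key file is being packaged.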