I don’t know anything about FortiGate myself but a useful feature of Certify is Deployment Tasks (under Tasks) - these are steps you can add at the end of certificate renewal to convert and deploy the certificate in various ways. You can also add a task and run it immediately if you already have a working certificate.
Some of the tasks include:
- Deploy to Generic Server: this can export as .pem format files (.crt, .key etc) and optionally copy the file over SFTP to a remote host.
- Script: this can run local scripts or even SSH into a remote host and run scripts there.
Ideally you need the fortigate to have an API you can push the certificate to, or accept SSH/SFTP, or in some cases people use powershell etc to login to the web UI and post files etc, but that’s a bit brittle if the admin UI ever changes.