You can configure certificate-based authentication for FortiGate administrators, SSL VPN users, and IPsec VPN users. See “Configuring certificate-based authentication”.

Certificates are also inherent to the HTTPS protocol, where the browser validates the server’s identity using certificates. A site certificate must be installed on the FortiGate unit and the corresponding Certificate Authority (CA) certificate installed in the web browser.

To force the use of HTTPS, go to User & Device > Authentication > Settings and select Redirect HTTP Challenge to a Secure Channel (HTTPS).