How to create subordinate certificate that can be used for example by Forticlient for SSL inspection.
I prefer to use OpenSSL for this:
Request
openssl req -new -newkey rsa:2048 -keyout fortigate-sub-ca.key -out fortigate-sub-ca.csr
Private key
openssl req -new -newkey rsa:2048 -keyout fortigate-sub-ca.key -out fortigate-sub-ca.csr -nodes
Encrypt private key
openssl rsa -des3 -in fortigate-sub-ca.key -out fortigate-sub-ca-encrypted.key