By default your Fortigate comes with self-signed certificates which results in the invalid certificate warnings when accessing the Admin pages, SSL VPN portal and also for users accessing HTTPS websites through the Fortigate when HTTPS deep inspection is turned on. In most cases Administrators don’t care about these warnings as the connection is still secure and there is no need to purchase a signed certificate. However when for SSL VPN you’ll likely want to purchase a signed certificate from a CA to prevent users from getting the invalid certificate message when logging in. Some useful examples can be found here
In the case of using SSL deep inspection you’ll want to install a certificate on the Fortigate that’s trusted by user’s browsers to prevent the invalid certificate warning.This trusted certificate could be one signed by your domain controller, an example of this configuration can be found here