Step 1. Create the certificate.
On linux command line we run:
Generating public/private rsa key pair. Enter file in which to save the key (/home/myuser/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/myuser/.ssh/id_rsa. Your public key has been saved in /home/myuser/.ssh/id_rsa.pub. The key fingerprint is: be:1b:3c:e0:1e:7d:1e:29:04:27:1d:1d:11:41:33:54 myuser@myhost The key's randomart image is: +--[ RSA 2048]----+
Step 2. Import PUBLIC key saved in Step 1 in the file id_rsa.pub to the Fortigate:
# config system admin
(config)# edit myuser
(myuser)# set ssh-public-key1 "ssh-rsa AAAAB3Nza .. … …<key copy paste goes here, remove the host myhost> …. 0lTo9P myuser"
Step 3. Connect using the certificate
ssh -i /home/myuser/.ssh/id_rsa <ip of the fortigate>
That is it, of course it will work for other Fortinet products having SSH access like Fortimail, FortiAnalyzer, etc .