"This CE Root certificate is not trusted" error received when setting up Secure LDAP certificate on Fortigate

Problem

When you configure Secure LDAP with a Fortigate firewall as the LDAP client, the certificate is not accepted and the following message is shown:
This CE Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.

Environment

  • Admin console
  • Secure LDAP

Solution

After downloading the generated certificate for the LDAP client in the Admin console, as instructed in this manual, go to the Google Trust Services page and download the CA certificate by following these steps:
  1. Go to Google Trust Services page.
  2. Click on Repository at the top.
  3. Select Root CAs.
  4. Click Actions next to the GTS Root R2 and select Certificate (PEM).
Once downloaded, the certificate can be imported on Fortigate's end. You may also refer to Fortigate's official documentation, G Suite integration using LDAP, which guides you through the process.

In case of any issues connecting to the LDAP server, you may perform Secure LDAP connectivity testing.

Cause

Fortigate only accepts CA certificates for LDAP connections, and the one downloaded in the Admin console when configuring an LDAP client is not a CA certificate.
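To confirm which file is a CA certificate before importing it, the check below reads the Basic Constraints extension with the openssl command-line tool. This is an added example, not part of the original article or of Google's or Fortinet's documentation. The function names, file names and generated sample certificates are assumptions made for illustration.

```shell
# Added example: decide whether a PEM file can be imported as a CA certificate.

# Classify a PEM certificate: root-ca, intermediate-ca, not-ca or unreadable.
classify_cert() {
    local pem="$1" text
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || { echo "unreadable"; return 1; }
    # A CA certificate asserts CA:TRUE in its Basic Constraints extension.
    if ! printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'; then
        echo "not-ca"; return 0
    fi
    # A root is self-issued: subject and issuer names hash to the same value.
    if [ "$(openssl x509 -in "$pem" -noout -subject_hash)" = \
         "$(openssl x509 -in "$pem" -noout -issuer_hash)" ]; then
        echo "root-ca"
    else
        echo "intermediate-ca"
    fi
}

# Generate two throwaway certificates (constructed samples, not Google's)
# so the check can be exercised offline.
make_constructed_samples() {
    local dir="$1"
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-sample
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/openssl.cnf" \
        -extensions v3_ca -keyout "$dir/ca.key" -out "$dir/root-ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/openssl.cnf" \
        -extensions v3_client -keyout "$dir/client.key" -out "$dir/ldap-client.crt" 2>/dev/null
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_constructed_samples "$demo_dir"
for f in root-ca.pem ldap-client.crt; do
    printf '%s: %s\n' "$f" "$(classify_cert "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run `classify_cert` on the file downloaded from the Admin console and on the PEM downloaded from Google Trust Services. Only a file reported as a CA is suitable for the CA certificate import.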