The certificate, username, and password are used for two-factor authentication. When authorized users connect through the SSL VPN tunnel, the FortiGate checks the user certificate against its CA certificate. The user can then securely connect to the Internet and to resources on the Internal Network.
This recipe requires that you have three certificates: a Certificate Authority or CA certificate, a server certificated signed by the CA certificate, and a user certificate signed by the CA certificate. The certificates shown in this video were created using OpenSSL.
The recipe for this video is available here.