Re: SSL deep scanning/certificate enrollment for BYOD devices
When I ran Fortigate's in K-12 BYOD environments we made the certificate available on a pinned topic of the School's Learning Management System (we used Moodle at the time) with instructions for Mac and PC.
At another School we invested in an MDM which allowed us to package up and distribute the certificate easily enough.
FortiConnect at another School allowed us to create a nice .exe package for the Certificate which was then installed as part of the on-boarding process
I submitted a New Feature Request during the 5.6 firmware beta period around theissue of simplifying the certificate deployment in BYOD environments, which i think was added to the NFR list but not sure if it made any traction internally?