Adding a New Root Certificate
If you want to add a new root certificate, click Add, and then you have options to install a root certificate from a file, or you could paste in the information or use SCEP. If you want to use the manual method from a file or through cut and paste, your CA vendor provides the file or instructions for obtaining the file for its root CA certificate. In this example, I have a CA that supports SCEP, so that is the option I chose, as shown in Figure 5-6.
When you add a new root certificate, you are also adding details about how you are going to work with that CA. By clicking the More Options button, you can answer questions about the CRL and specify other details about which protocols to be used for certificate verification for this firewall to use when dealing with certificates issued by this CA, as shown in Figure 5-7.
After you install a root certificate and verify it is valid by calling the CA and comparing the hash they give you against the hash for the certificate installed, you then can request your own identity certificate and follow a similar process to install it.