Although you can create a self-signed certificate with Firebox System Manager or other tools, you can also create a certificate with the Microsoft Certificate Authority (CA).
For authentication, each certificate signing request (CSR) must be signed by a certificate authority (CA) before it can be used. When you create a certificate with this procedure, you act as the CA and digitally sign your own CSR. For compatibility reasons, however, we recommend that you instead send your CSR to a widely known CA. The root certificates for these organizations are installed by default with most major Internet browsers and XTM devices, so you do not have to distribute the root certificates yourself.
For HTTPS Proxy or SMTP Proxy content inspection, we recommend you use your internal CA to sign the request because you must create a CA certificate that can re-sign other certificates. If you create a CSR with Firebox System Manager and have it signed by a prominent CA, it cannot be used as a CA certificate.
You can use most Windows Server operating systems to complete a CSR and create a certificate.
Certification Authority is distributed with Windows Server as a component. If Certification Authority is not installed in the Administrative Tools folder on your server, follow the instructions from the manufacturer to install it.