The advantage of obtaining a certificate from
an external certificate authority (CA) is that the private key does
not leave the firewall. To obtain a certificate from an external
CA, generate a certificate signing request (CSR) and submit it to
the CA. After the CA issues a certificate with the specified attributes,
import it onto the firewall. The CA can be a well-known, public
CA or an enterprise CA.