CA certificate is imported in PEM or DER format via vHFA WBM:

Configuration > SPE > SPE CA Certs > click on Import

On following screen press Browse button and select appropriate CA certificate file to import. If CRL distribution point for imported CA is available, select CRL distribution method (currently only HTTP is supported) and fill CDP address in text field CDP. Before CA certificate is imported in CGW, its fingerprint must be verified by click on View Fingerprint of Certificate because from now on will be this certificate treated as trusted!

List of currently available trusted certificates present on SG can be found in:

To view CA certificate details, click on appropriate entry in select box. To view CDP address and list of currently revoked client certificates click on entry in available SPE CA Certificate select box and click on View CRL + CDP. Certificate can be removed from trusted certificate list click on certificate in select box and Delete button.