Create certificates on server:
/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign days-valid=1100
add name=server-template common-name=server
add name=client1-template common-name=client-hq
/certificate
sign ca-template name=CA-DC
sign server-template ca=CA-DC name=server
sign client1-template ca=CA-DC name=client-hq
/certificate
set CA-DC trusted=yes
set server trusted=yes
/certificate export-certificate CA-DC
/certificate export-certificate client-hq export-passphrase=xxxxxxxx