Hello,
1) Are you saying that the identity certificate (issued by CA & issued to your firewall) is shown under CA certificate?
If that is the case, you want to delete it from under 'CA certificate' in WebGUI & install it under 'Local certificate'.
2) Once done, use following link so that when you enter https://myfirewall.company.com , it will this certificate instead of
self-signed certificate.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB11496&actp=search
This will never impact your site to site VPNs.
Regards,
Rushi