If you have your own CA internally, like a MS server environment, your best bet is to issue a certificate request from the SRX to your internal CA and then load and use that certificate. These will be fully trusted then by your domain computers.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB10175