The certificate loaded on the SRX1500 is issued by our CA using the steps described on the link you provided.
From a client PC, the SRX1500 certificate is already trusted since it inherits the trust from the CA which is already loaded on all domain computers. It's just that the SRX1500 signs each web certificate it proxies using SHA1 which makes Google Chrome complain. Using the "custom-ciphers" configuration stanza doesn't seem to matter
