While most organizations would prefer to deploy URA using the simplest and quickest method (with the Getting Started Wizard), some might prefer to tweak and fine-tune their SSL and PKI infrastructure . One conceivable need would be a tight security policy, and another would be to implement URA in an environment where PKI is already deployed and the two need to coexist.
The IP-HTTPS and NLS certificates are pretty straightforward, and besides issuing them to your URA server(s) and selecting them in the URA interface, there's little to do. The computer authentication certificate, though, has some more properties and options.
When you configure the use of computer certificates (as opposed to the use of the Kerberos proxy feature), you need to select the root CA which issues the certificates. The wizard will then trust certificates received from a client during the connection if they were issued by that CA. If you are using an intermediate CA instead of a root CA, you can...