When Deploying the Survivable Branch Appliance, the Branch Site Tasks requires to Generate and Import an SBA Certificate. If you do not wish to send the signing request automatically to a Windows Certificate Authority, and would rather send it to a Trusted CA of your choice, then you'll need to import the signed certificate manually as outlined on this page.
There are two types of certificates that can be imported:
Before importing a new Signed Server Certificate, you must first import a valid Trusted CA Certificate.
SHA2-256 Certificate Compatibility
SHA2-256 CA Certificates may be used for the SBA, SBC, and Lync 2013 Servers. Lync 2010 requires that all devices employ ALL SHA1 Certificates. For more information see the Microsoft SHA1 Deprecation Policy.
In the left navigation pane, under Lync™ Survivable Branch Appliance, click SBA Certificate.
From the Action drop down list, select Import X.509 Signed Certificate.
Before you begin: This operation requires that you paste in a Base 64 format Signed Certificate.
In the left navigation pane, under Lync™ Survivable Branch Appliance, click SBA Certificate.
From the Action drop down list, select Import PKCS12 Certificate and Key.
Click Browse and select the desired PKCS12 file and key.
You must use the same password as you used to export the certificate and key. See Exporting an SBA Certificate.