You can use the command cp_conf ca. Be careful in production: you have to re-establish SIC to every firewall managed by this CMA.
cp_conf ca

Description: Initialize the Certificate Authority

Syntax:
> cp_conf ca init
> cp_conf ca fqdn

Parameter   Description
init        Initializes the internal CA
fqdn        Sets the FQDN of the internal CA to

cp_conf finger

Description: Displays the fingerprint which will be used on first-time launch to verify the identity of the Security Management server being accessed by the SmartConsole. This fingerprint is a text string derived from the Security Management server's certificate.

Syntax:
> cp_conf finger get