A new one can be created using Web Management option Platform View > Settings > General > Certificates > Create New. This command must be used with caution as it will create a completely new root CA certificate – it will also require new ID certificates for all entities, and CA certificate distribution to all devices. To keep all existing ID certificates Renew existing should be selected; this will create a new certificate with the same content and public/private keys, but a different serial number and start/end date. Only this new root CA requires distribution, in-date existing ID certificates signed by the previous CA will still be valid. Care must be taken not to abuse the convenience of this feature as the longer the public/private keys are unchanged, the greater the risk of compromise.

See Using the IP Office Certificate Authority.