
adv
Aspirant
Mar 24, 2022

ProSafe SRX5308 Certificate install problems

I want to install a new self-signed certificate on my SRX5308. The first step is to install the certificate authority (root certificate) and I have spent several hours in the router's interface trying to simply do that. I checked the manual and it is absolutely useless, giving only vague, general instructions with no settings nor step-by-step instructions. I've tried probably 100 different methods/settings and searched the Net for answers. I've found the following things I THINK are true:

 

1. The best I can use is SHA1 with 2048.  The "Generate Self Certificate Request" section of the interface only offers:

   -Hash: MD5 or SHA1 (yes, I know SHA1 is deprecated)

   -Algorithm: RSA

   -Key Length: 512, 1024, or 2048

 

2. The system doesn't support the "ST" (state/province) field in certificates. This seems odd and, of course, this very random, specific quirk is not mentioned anywhere in the manual. I found 1 link that still worked in a KB article about "Using certificates as authentication method for box to box VPN connection" that included "Note 1: NETGEAR does not support ST relative distinguished (state/province) name so please edit the openssl.cnf file (in the original location and in your new CA folder) to avoid using this parameter."

 

I have the last firmware available, v4.3.5-3. I've created a few different certificate authorities using openssl on a Linux box. I've created root CA pairs, intermediate pairs, private keys, certificate signing requests ad nauseam. Did that with modern methods (SHA2 +) and then with the older SHA1 / 2048 method. I am using .pem files and not sure if it requires another format? There is no mention in the manual, it just has vague directions like "Download a digital certificate file from a trusted CA and store it on your computer." None of the root certificate files will upload. I tried some chained files that I found described in (good) instructions for other platforms: root + intermediate certificates, private key + root certificate, private key + root certificate + intermediate certificate, etc., but nothing worked.

 

When I select a certificate file in the interface and click "Upload" the interface crashes and goes to a corrupted login screen. It shows 2 of the normal login screen. The top one says "While loading the page critical error encountered." In between there is text of "Set-Cookie: TeamF1Login=cW5kUWpmeFM3TTBOMFNRYWFGMzUwQT09Ojo6OmJvYmE%3D; expires=Wednesday, 31-Dec-1969 23:59:59 GMT". The bottom shows the regular login screen graphics and I can log in.

 

There was a previous Trusted Certificate, request, and certificate on it but no idea from where they came.  And I had to delete those to try to upload the new ones so no help there.

 

Does anyone know what it takes to do a simple root certificate upload on this thing? I am hoping there are a few of you out there who used these and might remember the tricks. Thanks.
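
A check for the constraints listed in the post, as an added example that is not part of the original post and not NETGEAR's code: it tests a certificate file for an MD5 or SHA1 RSA signature, an RSA key of at most 2048 bits, and the absence of the ST attribute, and reports whether the file is PEM or DER. The function name `check_cert_profile` and the file name in the usage line are hypothetical, and passing the check does not confirm that the SRX5308 will accept the file.

```bash
#!/usr/bin/env bash
# Added example (not from the post): check a certificate file against the limits
# the post lists: MD5/SHA1 signature, RSA key of at most 2048 bits, no ST field.
# Assumption: passing these checks does not prove the router accepts the file.
check_cert_profile() {
    local file="$1" fmt=DER text sig bits names rc=0
    # The post is unsure about the expected encoding, so report what the file is.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$file"; then fmt=PEM; fi
    text=$(openssl x509 -in "$file" -inform "$fmt" -noout -text 2>/dev/null) || text=
    if [ -z "$text" ]; then
        echo "FAIL: no X.509 certificate found (tried $fmt)"
        return 2
    fi
    echo "INFO: parsed as $fmt"
    # Chained files are mentioned in the post; openssl x509 reads only the first certificate.
    if grep -q -e 'PRIVATE KEY-----' "$file"; then
        echo "WARN: file also contains a private key"
    fi
    # Signature hash: the request form offers only MD5 and SHA1.
    sig=$(printf '%s\n' "$text" | awk -F': ' '/Signature Algorithm/ {print $2; exit}')
    case $sig in
        md5WithRSAEncryption|sha1WithRSAEncryption) echo "OK: signature $sig" ;;
        *) echo "FAIL: signature $sig is not MD5 or SHA1 with RSA"; rc=1 ;;
    esac
    # Key type and size: the form offers RSA with 512, 1024 or 2048 bits.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' &&
       [ "${bits:-0}" -gt 0 ] && [ "${bits:-0}" -le 2048 ]; then
        echo "OK: RSA key, $bits bits"
    else
        echo "FAIL: key is not RSA of at most 2048 bits (size: ${bits:-unknown})"; rc=1
    fi
    # ST attribute: the KB note quoted in the post says it is not supported.
    names=$(openssl x509 -in "$file" -inform "$fmt" -noout -subject -issuer -nameopt multiline)
    if printf '%s\n' "$names" | grep -q 'stateOrProvinceName'; then
        echo "FAIL: subject or issuer contains ST (stateOrProvinceName)"; rc=1
    else
        echo "OK: no ST attribute in subject or issuer"
    fi
    return "$rc"
}

# Usage: ./check_cert.sh rootCA.pem   (file name is a placeholder)
if [ "$#" -gt 0 ]; then check_cert_profile "$1"; fi
```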
