I believe (it's been a while) that this means to use the CA represented by MyCA and not check the revocation status of the CA, and also to not disable the CA if the CRL (the revocation list specified in the certificate) cannot be downloaded.
The ca-identity, well, I don't recall if the CA root certificate name has to be used for the ca-identity, but the ca-identity does represent the root CA certificate.
Again, it's been ?2? years, and it is only used if you use the WebUI or VPNs. Also, I haven't had to set one up since I did the one in my example...
Sorry.