Yup, that's the one. I don't see a point in exporting self-signed certs into it.
What you can do is:
1. Set up a Root CA on the tool
2. Set up intermediates (which won't be necessary for your setup AFAIK)
3. Create certificate requests on both SRX boxes, export them to the tool and get them signed with the CA you set up
4. Export the certs and load them on individual SRX-es, along with the CA cert
5. Configure your VPNs
I don't have any guide for XCA, but it is a very simple-to-use GUI. It uses OpenSSL in the backend, powerful, easy to use.
(If you are a Linux person, forget XCA - you can directly use OpenSSL CLI)
Feel free to share screenshots if you run into any trouble.
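
The steps listed above, carried out with the OpenSSL CLI the reply mentions. This is an added example, not part of the original post: the CA name, hostnames and file names are constructed placeholders, and the CSR is generated locally as a stand-in for the one each SRX would export.

```bash
#!/usr/bin/env bash
# Added example. All names (Example Lab Root CA, srx-a/srx-b.example.test)
# are constructed placeholders, not values from the post.
set -eu

# Step 1: root CA key plus self-signed CA certificate in directory $1.
make_root_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Steps 3-4: build a CSR for device $2 and sign it with the CA in $1.
# On a real SRX the CSR is generated on the box and only the CSR is exported;
# the local key generation here is a stand-in so the script runs offline.
issue_device_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nsubjectAltName=DNS:%s\n' \
        "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 825 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# Check before loading onto a device: does the cert chain to our CA?
verify_device_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

workdir=$(mktemp -d)
make_root_ca "$workdir"
for host in srx-a.example.test srx-b.example.test; do
    issue_device_cert "$workdir" "$host"
    verify_device_cert "$workdir" "$host" && echo "$host: chains to CA"
done
echo "Load <host>.crt and ca.crt on each SRX; ca.key stays on the CA host ($workdir)"
```

The signed certificate marks the device as a non-CA end entity (`CA:FALSE`), so a compromised device key cannot be used to issue further certificates under this root.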