If you have your own CA, you can convert it to a .pem and then use it, yes, but you'll need to be able to verify you have ownership of that CA by creating a certificate signed by that CA with a specific value in the CN. That's called 'verifying' the CA.
I made a video outlining this process a while back. You can find it here:
The description has all the commands I ran for examples but I did it with the ziti CLI, not with ZAC. It's the same, but a bit different (CLI vs UI) but maybe it'll help. You can also find the thread about this here on discourse at