Hey @codedmind,
the domaincontroller master in your UCS domain automatically generates certificates for all UCS servers joined to the domain by default using its own certificate authority.
The easiest way to make clients trust these certificates is to import the root CA of your domain on your clients.
I’ve written a KB article on doing that for Windows clients: How to import UCS root CA on Windows clients
Best regards
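
One way to script the import on a single Windows client, as an added example that is not part of the original post or the linked KB article: it checks the CA file's SHA-256 fingerprint against a value read on the UCS side before adding it to the machine's trusted roots. The script parameters, the file path and the fingerprint are placeholders and assumptions; run it from an elevated PowerShell session.

```powershell
# Added example, not from the original post. $CaFile and $ExpectedSha256 are
# placeholders: the CA certificate copied from the UCS domain, and its SHA-256
# fingerprint obtained out of band, e.g. on the UCS server with
#   openssl x509 -in <root CA file> -noout -fingerprint -sha256
param(
    [Parameter(Mandatory)] [string] $CaFile,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)

$ErrorActionPreference = 'Stop'

# Load the certificate (DER or PEM encoded).
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaFile)

# A root CA is self-signed and carries BasicConstraints with CA=TRUE.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($cert.Subject -ne $cert.Issuer -or -not $bc -or -not $bc.CertificateAuthority) {
    throw "Not a self-signed CA certificate: $($cert.Subject)"
}

# Compare the SHA-256 fingerprint of the encoded certificate with the expected one.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ''
$sha.Dispose()
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch: got $actual, expected $wanted"
}

# Add the verified certificate object (not the file again) to the
# machine-wide "Trusted Root Certification Authorities" store.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try {
    $store.Add($cert)
} finally {
    $store.Close()
}

Write-Output "Imported '$($cert.Subject)' (valid until $($cert.NotAfter)) into LocalMachine\Root"
```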