I’m just setting up a new UCS domain. I know it includes a CA to generate certificates for the whole domain. But these certificates are marked as not trusted by macOS or iOS. I think because they don’t match Apple’s requirements https://support.apple.com/en-gb/HT210176
How to create a CA and certificates that match the requirements and so are marked as trusted. Deploying the UCS root certificate to the devices isn’t enough in Apple’s eyes.
Have a look at the letsencrypt app.
That will not help. I try to tell the UCS CA to issue trusted and valid certificate. Let’s encrypt is very nice for certificate of public accessed web services.
I found it‘s enough to reduce the max days to 825. All other parameters do match. It is marked as valid after deploying the root certificate to the clients.
Great that you found a solution yourself. If possible, please share how you were able to change that setting.