Three questions regarding my Certificate Authority running on UCS

Background: I have my CA (Certificate Authority) running on UCS. Internally everything is working as expected, life is good. Externally, if I only open port 443 to my UCS, I get an error message saying "This site can not provide a secure connection." If I throw open all the ports to UCS from outside, I get the usual messages about self-signed certificates.

Questions:
#1 What ports do I need open on the firewall to allow the outside world to see my CA and get certificates from it?

#2 If port 443 is required to be open for the CA to work, is there a way I can prevent outside people from logging into my UCS dashboard?

#3 In regards to the UCS server and the SSL application (a web based system) thinking the certificate Is there a way to get external users/apps to not think the certificates are ‘self signed’? As stated above, everything works fine inside the company (Web app and UCS are at different IPs). Externally this does not work. If this requires an additional IP address, this is not much of an issue.

Greg

Hi,

That's all working as expected!

No browser will accept/trust your private CA - each external browser/device has to manually import your CA's public root certificate to trust your CA.

So if everyone outside should be able to trust your SSL connection, you’ll have to purchase (or get for free with Let’s Encrypt) a certificate from a globally trusted CA.

for more information look at:

rg
Christian
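
The trust behaviour described in the answer above, as an added example that is not part of the original thread: a server certificate issued by a private CA verifies only for a client whose trust store contains that CA's root. The CA names, the host name `app.example.test` and the "stand-in public CA" (representing an external client's trust store) are constructed for the demo; it assumes the `openssl` command-line tool is installed.

```shell
# Constructed demo: both CA names and app.example.test are made up.
set -eu

# Minimal OpenSSL config so each root is marked as a CA on any OpenSSL build.
write_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
}

# make_root DIR NAME CN: self-signed root CA written to DIR/NAME.pem
make_root() {
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# issue_leaf DIR CA NAME CN: server certificate DIR/NAME.pem signed by root CA
issue_leaf() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$4" -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" >/dev/null 2>&1
}

# client_trusts STORE CERT: succeeds only if CERT chains to a root in STORE
client_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build both roots and one server certificate; print the working directory.
setup_pki() {
    d=$(mktemp -d)
    write_cnf "$d/ca.cnf"
    make_root "$d" private "Example Private CA"
    make_root "$d" public "Stand-in Public CA"
    issue_leaf "$d" private server "app.example.test"
    echo "$d"
}

d=$(setup_pki)
for store in public private; do
    if client_trusts "$d/$store.pem" "$d/server.pem"; then r=trusted; else r=rejected; fi
    echo "client holding only the $store root: $r"
done
```

The client holding only the stand-in public root rejects the certificate, which is what external browsers do until the private root is imported into their trust store.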