Update root CA certificate

Hi again,

I feel the subject of certificates in UCS isn’t covered well enough in the documentation. As this is a very important (plus could be VERY problematic) subject, I’d like some answers.

Firstly, as we have already deployed the UCS CA in the domain, I need to know how risky it would be to change anything in the ‘Certificate Settings’ GUI?

I’m assuming all certificates refer to those settings, so would I have to regenerate all linked certificates?

Secondly, if we decide to tamper with the rootCA, would it be worth adjusting the SSL settings in UCR? What would be the right order: UCR settings, then the rootCA?

Finally, is there a simpler way to achieve the below in UCR?

Problems we are currently facing include issues with Fortinet authentication, giving us headaches with VPN configuration and server authentication.

I agree with you on certificate documentation. I feel there needs to be an easier way to manage certificates for UCS, including uploading issuerCA and purchased SSL certificates. I recently added my own purchased wildcard certificates based on: (which seemed easy enough)

but after adding this, checking UCS diagnostics failed with unverified certificates.

I added the intermediate cert following this guide:

which cleared up the errors in the diag. Maybe I’m doing it wrong, but it feels like certificates could be very difficult and confusing, especially when it can potentially break the entire UCS system?
