Use a certificate authority

Use a trusted CA (certificate authority) to simplify certificate trust management; the CA issues certificates that you import. If the browser is configured to trust the CA, certificates signed by the CA are also trusted. A CA can be internal (operated and maintained by your organization) or external (operated and maintained by a third party).

You can import a certificate signed by a CA, and using it instead of the self-signed certificate. The overall steps are as follows:

  1. You generate a CSR (certificate signing request).
  2. You copy the CSR and submit it to the CA, as instructed by the CA.

    Request that the certificate be generated with a 2048-bit key and with a digital signature algorithm of SHA256 or higher.

  3. The CA authenticates the requestor.
  4. The CA sends the certificate to you, as stipulated by the CA.
  5. You import the certificate.

See Create an appliance certificate signing request and Import a certificate.