Extract root CA certificate for Active Directory server certificates

If your Active Directory server certificate is signed by a commercial certificate authority (CA), obtain the topmost root CA and intermediate CA certificates in the certificate chain from the commercial CA. If your organization has an internal enterprise CA that you use to issue the Active Directory server certificate, ask your Active Directory administrator to provide a copy of the topmost root CA certificate (and intermediate CA certificates in the certificate chain), to upload to the appliance.

If you have access to your enterprise CA server that issued the Active Directory server certificate, use the following steps to get a copy of the root CA and intermediate CA certificates:
NOTE:

The procedures for extracting the CA root certificate differ with each CA server. The following steps use Microsoft CA server as an example.

Prerequisites

Privileges: Enterprise login or an Administrator account

Procedure
  1. Use a web browser to navigate to http://<CA server>/certsrv.
  2. Login using your enterprise login or an Administrator account.
  3. Click Download a CA certificate, certificate chain, or CRL.
  4. Click Download CA certificate, and save the CA certificates as a zip file.
  5. Extract the root CA and intermediate CA certificates to use with the appliance.