Download the root CA certificates from the CA
1) Navigate to the CA, eg. https://ca/CertSrv | "Download a CA certificate, certificate chain, or CRL" | Select DER encoding, and select "Download CA certificate".
Repeat the above process for any intermediate CAs in the environment
Install the root CA certificates into Safeguard
Navigate to Administrative Tools | Settings | Trusted Certificates | Click the + button and select the file(s) from above
Generate a web certificate request from the Safeguard Primary
From the Safeguard client | Settings | SSL Certificate | Click the + button and select "Create Certificate Signing Request (CSR)"
Enter the Distinguished Name, any Subject Alternative Names (DNS) Subject Alternative Names (IP Address) and click OK. (Note, one SSL certificate can be assigned to one or many of the Safeguard cluster members).
Note, all the IP addresses of the cluster members should be added into the Subject Alternative Names (IP Address)
Save the file to the desktop
NOTE: The certificate generated by the Certificate Authority (.CER file) is specific to the request file that was used to generate it.
Request a certificate from the CA
1) Navigate to the CA, https://ca/CertSrv
2) Select "Request a certificate" | Select "advanced certificate request" | Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. | copy in ALL the text from the certificate request file.
3) Change "Certificate Template" to "Web Server" | Click Submit
4) Select "DER encoded" and click "Download Certificate". A .CER file will be created
Installing the certificate onto Safeguard
Navigate to Administrative Tools | Settings | Certificates | SSL Certificates | Click the + button and select "Upload Certificate". Select the certificate from above.
Assign the certificate to Safeguard devices
Right click on the newly uploaded certificate and select "Assign Certificate to Appliances", tick the appliances you want to assign to and click OK.
Once this has been performed,validate from a browser that the new certificate is being presented by Safeguard on HTTPS. You will need to ensure the trusted root / intermediates certificates are installed on the workstation / browser certificate store.