When setting up certificates in Universal ZTNA you must download the CA
certificate also known as the root certificate from the certificate authority so
that it can be uploaded into Universal ZTNA. Navigate to the domain
controller certificate services site.
-
Go to Microsoft Active Directory
Certificate Services: https://<certificatedomain>/certsrv.
-
Select Download a CA certificate,
certificate chain, or CRL.
-
Under Encoding method,
select the Base
64 option and select Download CA
certificate.
-
If web-based certificate
services are not enabled, you can open the Certification Authority window from
Server Manager on the Active Directory machine, right-click on the CA and select
Properties.
-
Under the General tab,
select View
Certificate.
-
Under the Details tab,
select Copy to
File.
The system displays the
Certificates Export
Wizard.
-
In the Export File Format
section, select the Base-64 encoded X.509 option and select Next.
-
In the File to Export
section, under File
name, select Browse.
-
Navigate to a directory where
the file will be saved, enter an appropriate name, and select Save.
-
To complete the process, select
Next.
The file will be
downloaded with a
.cer
extension.
Note
Before the
file can be uploaded you must rename the file with a
.pem
extension.
