If customer do not want to use self-signed certificate on Content Analysis System (CAS), the other option is to use certificate signed by internal certificate authority (CA)
CAS failed to accept CA Signed Certificate
Requirements to Add CA certificate on CAS
We can not perform Certificate Signing Request on CAS (that option is not available on CAS)
Note: The Key to import certificate on CAS is you need to import the entire chain of certs: root, intermediates, and host, be packaged up in pkcs12 (.p12) format along with the private key. if you are trying to import simple base64 certificate (.cer) from the CA, that would not work.
To get Private Key from Proxy
# conf t
#(config ssl) view keypair keyring_name