
How to add CA Signed Certificate in CAS

Article ID: 174872

Products

CAS-S200, CAS-S400, CAS-S500, CAS-VA, ISG Content Analysis, Content Analysis Software

Issue/Introduction

If a customer does not want to use a self-signed certificate on Content Analysis System (CAS), the other option is to use a certificate signed by an internal certificate authority (CA).

OR

CAS failed to accept CA Signed Certificate

OR

Requirements to Add CA certificate on CAS

Resolution

A Certificate Signing Request (CSR) cannot be generated on CAS (that option is not available on CAS).

  1. Generate the CSR on the Proxy, or use OpenSSL.
  2. Get it signed by the internal PKI.
  3. Download the entire certificate chain in DER or Base64-encoded format.
  4. From the Proxy CLI, copy the private key. (If you are not using the Proxy to perform the CSR and are using OpenSSL, then get the private key from the CA along with the entire certificate chain in Base64 format.)
  5. Open Notepad and create a file with the extension ".cer".
  6. Concatenate the Base64 root, intermediate, and host certificates and the private key into a single file and rename it to (.cer).
  7. Next, convert the (.cer) file to PKCS12 (.p12) format.
  8. Once it has been converted to (.p12) format, log in to CAS and import the certificate into CAS.

Note: The key to importing a certificate on CAS is that the entire chain of certificates (root, intermediates, and host) must be packaged in PKCS12 (.p12) format along with the private key. Importing a simple Base64 certificate (.cer) from the CA will not work.
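
The steps above carried through with OpenSSL, as an added example that is not part of the original article. A constructed lab root and intermediate CA stand in for the internal PKI, and all file names, subjects and the passphrase are placeholders. The script checks the chain and the key/certificate match before packaging, then counts what ended up inside the .p12.

```shell
#!/bin/sh
# Added example. Constructed lab PKI: all names, subjects and the passphrase are placeholders.
set -eu
umask 077                            # key material below is written unencrypted
P12_PASS='constructed-passphrase'    # placeholder

make_lab_chain() {  # stands in for steps 1-3 (CSR, signing by internal PKI, chain download)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Lab Root CA' \
    -keyout root.key -out root.pem 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > ca.ext
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Lab Issuing CA' \
    -keyout inter.key -out inter.csr 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 30 -extfile ca.ext -out inter.pem 2>/dev/null
  # Host key pair and CSR: the step the article performs on the Proxy or with OpenSSL.
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=cas.lab.example' \
    -keyout host.key -out host.csr 2>/dev/null
  printf 'subjectAltName=DNS:cas.lab.example\n' > host.ext
  openssl x509 -req -in host.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 30 -extfile host.ext -out host.pem 2>/dev/null
}

key_matches_cert() {  # $1 = certificate, $2 = private key; compares the public keys
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

build_p12() {  # steps 6-7: concatenate root, intermediate, host and key, convert to .p12
  openssl verify -CAfile root.pem -untrusted inter.pem host.pem >/dev/null
  key_matches_cert host.pem host.key
  cat root.pem inter.pem host.pem host.key > bundle.cer
  openssl pkcs12 -export -in bundle.cer -name cas-host \
    -out cas.p12 -passout "pass:$P12_PASS"
  rm -f bundle.cer   # the concatenated file holds the private key in clear text
}

p12_cert_count() {  # $1 = .p12 file; number of certificates packaged in it
  openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

p12_key_count() {  # $1 = .p12 file; number of private keys packaged in it
  openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nocerts -nodes 2>/dev/null |
    grep -c 'BEGIN.*PRIVATE KEY'
}

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
make_lab_chain
build_p12
echo "cas.p12: $(p12_cert_count cas.p12) certificates, $(p12_key_count cas.p12) private key"
```

With real material, skip `make_lab_chain` and place the downloaded chain and the private key under the same file names before calling `build_p12`.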

To get the private key from the Proxy

# conf t
#(config) ssl
#(config ssl) view keypair keyring_name