IDConfirm 1000 (SA Server)
If you are a server administrator and running windows server, you will have a Certificate Services Role installed and therefore your CA Root certificate.
Also, you will have autoenrollment enabled in your group policy management.
You will need enterprise certification authority, web server template duplicate with appropriate settings for Request Handling (allow private keys to be exported), Subject Name Choice and Security where the permission for autoenrollment of Computer where SA Server is installed is added:
Server administrator will add the created template among templates to issue and will update the group policy management.
Once logged in as administrator on the server where application is installed, via MMC, under add-remove snap-ins, Certificates, Computer Account will open a Console where under Personal Certificates should be a new SSL certificate created by Web Server Template for Server Authentication.
On the SSL Certificate with Private Key righ-click and choose export from all tasks. We recommend to save certficate to a file with private key in order to upload in setup portal and without the private in order to apply for s connect license key if customer decides to use live provisioning of devices.
If is common mistake to assume your company has only a root CA when it fact, it can have an intermediate certficate.
In this scenario it is necessary to have the intermediate authority issue the SSL certificate and those two certficates need to be uploaded inside setup portal.
Also, in this case manual request for new certificate under Personal Certificate is recommended and choosing the right Certificate Authority.