We are using an SSO product. It supports "self service" password reset from the SSO level layer.
For trusted access it is asking for a valid security certificate for the vault; the installed cert must have the following characteristics:
The certificate must be issued by a Certification Authority (CA) that is trusted by end users.
The certificate must be in PEM format, a text-based Base64 encoding of the binary DER format.
The certificate file must include an unencrypted private key.
The certificate includes the VIP as the subjectAltName field in the Certificate Signing Request to the CA.
The vault needs to be restarted for the certificate to take effect in Password Reset Operations.
I don't know much about certs except for the ones I've purchased from our ISP for our Exchange system to work and another system that uses HTTPS.
This system in question is a totally internal system which cannot be seen from the outside. I have a DC with CA running on it... is that a start?
I have no idea how to have one issued, or how to "request" one.
I've included a screenshot of the Sentillion "install cert" page and of our CA on one of our DCs.
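A pre-install check for two of the requirements listed in the post (PEM format, and a private key in the same file that is not encrypted), as an added example that is not part of the original post or of the SSO product. The function names are hypothetical and the sample bundles are constructed placeholder DER, not real certificates; CA trust and the subjectAltName requirement are not checked here.

```python
import base64
import re

# One PEM block: label, optional RFC 1421-style headers, Base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def check_pem_bundle(text):
    """Return a list of problems; an empty list means the structural checks passed."""
    problems = []
    have_cert = have_key = False
    for label, body in PEM_BLOCK.findall(text):
        lines = body.strip().splitlines()
        # Legacy OpenSSL keys put "Proc-Type"/"DEK-Info" headers before the Base64;
        # ":" is not in the Base64 alphabet, so it separates headers from data.
        headers = [ln for ln in lines if ":" in ln]
        b64 = "".join(ln.strip() for ln in lines if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid Base64")
            continue
        if label == "CERTIFICATE":
            have_cert = True
            if not der.startswith(b"\x30"):  # DER certificates start with SEQUENCE
                problems.append("CERTIFICATE: body is not a DER SEQUENCE")
        elif label.endswith("PRIVATE KEY"):
            have_key = True
            if label == "ENCRYPTED PRIVATE KEY":
                problems.append("private key is encrypted (PKCS#8)")
            elif any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
                problems.append("private key is encrypted (legacy PEM header)")
    if not have_cert:
        problems.append("no CERTIFICATE block")
    if not have_key:
        problems.append("no private key block")
    return problems

def make_pem(label, der=b"\x30\x03\x02\x01\x00", headers=""):
    """Build a constructed sample block; the default DER is a placeholder SEQUENCE."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed samples: a well-formed bundle and the two encrypted-key variants.
GOOD = make_pem("CERTIFICATE") + make_pem("PRIVATE KEY")
PKCS8_ENC = make_pem("CERTIFICATE") + make_pem("ENCRYPTED PRIVATE KEY")
LEGACY_ENC = make_pem("CERTIFICATE") + make_pem(
    "RSA PRIVATE KEY", headers="Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
```

Because the file holds the private key in the clear, it should be readable only by the account that performs the install and removed once the vault has loaded it.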