When this happens you could either:
- Get your server certificates signed by a trusted CA.
- Export the FAS default CA file and import that into your OS truststore.
The first option is the recommended way for production installations and the Managing FAS SSL Certificates article explains how to do it. You can also find more details in the FAS Administrators Guide.
The second options is more of a temporary solution. First you need to export the default FAS CA certificate put in place by the installer. This is an internal CA that is used to sign all the certificates in a FAS install so that all the components of FAS trust each other.
To export the certificate from FAS you need to:
- Go to https://<FAS Address>:9990
- Navigate to Profiles (top right) and select the management profile (top left)
- Select Trust Management -> Trust Certificates in the left hand menu.
- Select the installer-ca in the list and click Export
- You then need to copy the output (PEM format) from the textbox that appears and paste into a txt file, which you will rename to have a certificate extension e.g. crt.
Then how you get the certificate into you OS's trust store is OS specific.
- Double click the file then click Install Certificate
- When prompted for the Certificate Store click the "Place all certificates in the following store" bullet point and browse to Trusted Root Certification Authorities
- Click OK.
- You may need to close a re-open the browser for it to read in the new certificate.