SSL Certificate Cannot Be Trusted
The certificate chain might contain a signature that is self-signed or does not originate from a known Certificate Authority.
- Ports 443, 3888, 9090, 50636, 50637
- Each Lenovo XClarity Administrator instance has a unique, internally generated Certificate Authority (CA). By default these ports (used for communication between the user and virtual appliance or between the managed devices and virtual appliance) use a certificate that is signed by that CA. If the SSL certificate cannot be trusted, generate and deploy a customized externally-signed server certificate to XClarity Administrator. For more information, see Deploying customized server certificates to Lenovo XClarity Administrator.
- Port 8443
- Each XClarity Administrator instance has a unique Certificate Authority (CA) that is used for only OS deployment. That CA signs a certificate that is used for the target server on port 8443. When OS deployment is initiated, the CA certificate is included in the OS image that is pushed to the target server. As part of the deployment process, that server connects back to port 8443, and verifies the certificate that port 8443 provide during the handshake because they have the CA certificate.
Give documentation feedback