From 5dda1813843dc5c7b36f20f65d5ca3ae2fef9675 Mon Sep 17 00:00:00 2001 From: Ryosuke Nakayama Date: Mon, 3 Jun 2024 18:43:03 +0900 Subject: [PATCH] Add note to clarify when installation of custom CA is required (#50947) Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> --- .../troubleshooting-tls-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md b/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md index d2e088340de1..40949df2fdc4 100644 --- a/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md +++ b/content/admin/configuration/hardening-security-for-your-enterprise/troubleshooting-tls-errors.md @@ -69,7 +69,7 @@ You should be able to download a certificate bundle (for example, `bundle-certif ## Installing self-signed or untrusted certificate authority (CA) root certificates -If your {% data variables.product.prodname_ghe_server %} appliance interacts with other machines on your network that use a self-signed or untrusted certificate, you will need to import the signing CA's root certificate into the system-wide certificate store in order to access those systems over HTTPS. +If your {% data variables.product.prodname_ghe_server %} appliance interacts with other machines on your network that use a self-signed or untrusted certificate, you will need to import the signing CA's root certificate into the system-wide certificate store in order to access those systems over HTTPS. If you want to use a certificate signed by an internal certificate authority, you must install the root certificate and any intermediate certificates. 1. Obtain the CA's root certificate from your local certificate authority and ensure it is in PEM format. 1. Copy the file to your {% data variables.product.prodname_ghe_server %} appliance over SSH as the "admin" user on port 122.