The appliance contains SSL and SAML self-generated certificates, by default both named ag4csrv1, but NetIQ highly recommends that you replace the default certificates with well-known Certificate Authority signed certificates. The required format for importing a key pair is .pfx. This format contains the private key, certificate, and trusted roots required to import.
Log in with an appliance administrator account to the Admin page at https://appliance_dns_name/appliance/index.html.
Click the cluster icon under Appliances, then click Configure.
Delete the default key pairs by clicking the red delete (X) icon next to the SSL key pair and the SAML key pair.
Browse to and select the certificates you want to use, then click OK.
In the Instructions window, click OK.
Click Apply and wait for the configuration changes to be applied to the appliance. Do not perform other administration tasks in the console while the changes are being applied.
Close your browser and reopen it to start a new session using the new key pairs.
Expired key pair certificates prohibit changes from being made to this page and make the key pair field red. If the key pair expires, you must re-initialize the appliance before you can upload a new certificate.