After you generate a certificate for a management product in Region A that is signed by the two-layered certificate authority on the child AD server in the region, replace the default certificate or an expired certificate with newly-signed one on the product instance in the region.


Generate a certificate for the products in this validated design in one of the following ways: