The first step is to generate the CSR, which will be displayed on the screen and can be copied into the Certificate Authority (CA) to request the certificate.
Note: Avoid using CTRL+C, as the terminal may log out.

CSR Creation on Controller A

create certificate-signing-request subject "/C=US/ST=NY/L=NewYork/O=ExampleCorp/OU=IT/CN=pvm-controllerA.example.com" extensions "/subjectAltName=DNS:pvm-controllerA.example.com,DNS:pvm-controllerA,DNS:pvm-controllerB.example.com,DNS:pvm-controllerB"

CSR Creation on Controller B

create certificate-signing-request subject "/C=US/ST=NY/L=NewYork/O=ExampleCorp/OU=IT/CN=pvm-controllerB.example.com" extensions "/subjectAltName=DNS:pvm-controllerB.example.com,DNS:pvm-controllerB,DNS:pvm-controllerA.example.com,DNS:pvm-controllerA"

Upload Procedure via SFTP

Use a Linux system with the necessary certificates.
Perform the operation on the controllers one at a time, restarting the service on each controller after completing the operation.

Connection to Controller A

sftp -P 1022 Admin@pvm-controllerA.example.com

Upload the certificates:

put controllerA.cer cert-file:usr
put RootCA_Example.cer cert-file:trust

Activate the certificates and restart the service:

activate certificate service web usr_cert_a
restart mc a full

Connection to Controller B

After Controller A is fully operational, repeat the procedure for Controller B:

sftp -P 1022 Admin@pvm-controllerB.example.com

Upload the certificates:

put controllerB.cer cert-file:usr
put RootCA_Example.cer cert-file:trust

Activate the certificates and restart the service:

activate certificate service web usr_cert_b
restart mc b full

Removing Certificates

If needed, remove the certificates from the controllers using the following commands:

remove certificate usr_cert_a
remove certificate usr_cert_b

Note: This procedure includes Subject Alternative Names (SANs) for both controllers, ensuring a seamless configuration even after restarts.