...
Grid: From the Grid tab, select the Grid Manager tab.
Member: From the Grid tab, select the Grid Manager tab -> Members tab -> member checkbox.Select Certificates -> Manage CA Certificates from the Toolbar.
In the CA Certificates editor, click the Add icon.
In the Upload dialog box, click Select and navigate to the certificate you want to upload.
Select the file and click Upload.
...
Note
NIOS can only upload certificates that are in PEM format. A.PEM file can contain more than one certificate. For information about how to convert CA certificates to .PEM format,
...
see Converting CA Certificates to PEM below.
Repeat the steps to add additional CA-signed certificates.
...
Select a certificate and click the Delete icon to delete it.
Print the data or export it in .csv format.
RFC-5280 Checks
In NIOS 9.0.2, if you try to upload a certificate to the Grid, the following checks are performed in compliance with RFC-5280:
Mark the basicConstraints extension of CA certificates as critical.
CA certificates must explicitly include the keyUsage extension.
If you specify a pathlenConstraint value, you must allow the keyCertSign key usage.
Do not specify the pathlenConstraint value for non-CA certificates.
Do not leave the issuer name of any certificate blank.
Do not leave the subject name of CA certificates, certificates with keyUsage crlSign, and certificates without subjectAlternativeName blank.
If you specify a subjectAlternativeName extension, it must not be empty.
The signatureAlgorithm field and the certificate signature must be consistent.
Do not mark critical any given authorityKeyIdentifier and any given subjectKeyIdentifier.
Specify the authorityKeyIdentifier for X.509v3 certificates unless they are self-signed.
Specify the subjectKeyIdentifier for all X.509v3 CA certificates.
About CA Certificates for Cisco ACI
...