SSL Certificate Cannot Be Trusted

The certificate chain might contain a signature that is self-signed or does not originate from a known Certificate Authority.

Ports 443, 3888, 9090, 50636, 50637
Each Lenovo XClarity Administrator instance has a unique, internally generated Certificate Authority (CA). By default these ports (used for communication between the user and virtual appliance or between the managed devices and virtual appliance) use a certificate that is signed by that CA. If the SSL certificate cannot be trusted, generate and deploy a customized externally-signed server certificate to XClarity Administrator. For more information, see Deploying customized server certificates to Lenovo XClarity Administrator.
Ports 3001 and 8443
Each XClarity Administrator instance has a unique Certificate Authority (CA) that is used for only OS deployment. That CA signs a certificate that is used for the target server on ports 3001 and 8443. When OS deployment is initiated, the CA certificate is included in the OS image that is pushed to the target server. As part of the deployment process, that server connects back to ports 3001 and 8443, and verifies the certificate that ports 3001 and 8443 provide during the handshake because they have the CA certificate.