Public Network
When everything is installed in a public network each of the host machines should have a certificate generated and signed from a commercial CA. In this case the user will need to create a certificate and then make a certificate signing request (CSR) to the CA. The CA will validate the request and return the signed certificates. The signed certificates can then be installed in the application servers.
When using a well-known commercial CA, it is likely that users will already have the root public key for the CA in their trusted certification store. If not, the public key for the CA can be shared or pushed users to import into their local trust store.
Provide Feedback