In the above article you document how to upgrade (regenerate) the internal RSA Auth manager root and certs to SHA256, but they are still internally generated roots by the RSA device (therefore self signed). Is there a process or documentation for replacing these root certificates with signed certs (issuing or client/server auth) from a company authorized CA or PKI? Would this be supported if they were changed?
The ones I am specifically asking about about addressing appear as RSA root CA for xxxx.xxxx.xxx and the certs signed by this root used on ports 7002 and 1813, etc. for product inter-communication.