Hoping that someone can help me understand the process around making our Qualys Vulnerability Scans "aware" of our internal PKI CA Root, so that internally-issued certificates no longer show as Untrusted.
I've looked at the Scans, Setup, Scanner Trusted CA screen.
I've downloaded the OpenSSL tools and believe I understand the commands needed to export the Windows PKI cert(s) into .PEM format.
What I am really wary of is exporting our PKI CA root certificate into a third-party system like Qualys.
Have others done this? Am I right to be wary, or am I just being paranoid?
Does the process boil down to: (a) export the PKI CA root certificate along with the Private Key; and (b) import it into Qualys?
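
A pre-upload check for the PEM export discussed above, added here as an example and not part of the original post. It relies on the general fact that trusting a CA requires only its public certificate, so a file bound for any external trust store should contain CERTIFICATE blocks and nothing else. The function name `audit_pem` and the sample PEM bodies are constructed for illustration.

```python
import re
import sys

# PEM armor: -----BEGIN <LABEL>----- base64 -----END <LABEL>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def audit_pem(text):
    """Return (labels, safe_to_share).

    safe_to_share is True only when the text holds at least one PEM block,
    every block is a plain CERTIFICATE, and no private-key armor appears.
    """
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    # Also catch a truncated key block whose BEGIN/END lines do not pair up.
    if "PRIVATE KEY-----" in text:
        has_key = True
    only_certs = bool(labels) and all(l == "CERTIFICATE" for l in labels)
    return labels, only_certs and not has_key


# Constructed samples: the base64 bodies are placeholders, not real DER.
CERT_ONLY = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

CERT_WITH_KEY = CERT_ONLY + """-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "r", encoding="ascii", errors="replace") as fh:
            inputs = {sys.argv[1]: fh.read()}
    else:
        inputs = {"cert-only sample": CERT_ONLY, "cert+key sample": CERT_WITH_KEY}
    for name, text in inputs.items():
        labels, safe = audit_pem(text)
        verdict = "OK to share" if safe else "DO NOT UPLOAD"
        print(f"{name}: {labels} -> {verdict}")
```

A binary export such as a .pfx file contains no PEM armor, so it yields an empty label list and is reported as not safe to share.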