17.1 Managing Trusted Roots and Trust Stores

A certificate from a certificate authority (CA) is commonly referred to as a trusted root. A trusted root is a trusted certificate, or the certificate of a known CA. These certificates are self-signed and are recognized as representing a CA that is trusted. To validate a digital signature, you must trust at least one of the certificates in the user or server’s certificate chain. You can directly trust the certificate of the user or server, or you can choose to trust any other certificate in the chain. Typically, the certificate that is trusted is the root CA’s certificate.

When an external certificate authority creates certificates, you need to import the trusted root of the certificate authority and assign the trusted root to the trust store of the device that needs to trust the certificate.

  1. In Administration Console Dashboard, click Security > Trusted Roots.

  2. Select from the following actions:

    Import: Allows you to import trusted roots so that Access Manager devices can trust the certificate sent by other computers at runtime. For more information, see Section 17.1.1, Importing Public Key Certificates (Trusted Roots).

    Delete: To delete a trusted root, select the trusted root, then click Delete.

    Add Trusted Roots to Trust Stores: Allows you to assign a trusted root to a device so it can be used by that device. For more information, see Section 17.1.2, Adding Trusted Roots to Trust Stores.

    Auto Import From Server: To import a trusted root from another server, click Auto Import From Server. For more information, see Section 17.1.3, Auto-Importing Certificates from Servers.
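
Because a trusted root is self-signed, its signature says nothing about where the file came from, so before using Import it is worth confirming that the file is a self-signed root, is not about to expire, and matches a SHA-256 fingerprint obtained from the CA through a separate channel. The following shell script is an added example, not part of the Access Manager documentation. It assumes the OpenSSL command-line tool is installed; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: vet a PEM certificate before importing it as a trusted root.
# check_root, fingerprint, normalize, make_sample_root and the file names
# are hypothetical; only the openssl commands are real.

# Lowercase hex with colons and spaces removed, so that fingerprints
# written in different styles compare equal.
normalize() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate, normalized.
fingerprint() {
    normalize "$(openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2)"
}

# check_root FILE EXPECTED_SHA256
# Returns 0 only if every check passes; the return code names the failure:
#   1 subject and issuer differ   2 self-signature does not verify
#   3 expires within 30 days      4 fingerprint mismatch
check_root() {
    cert=$1; expected=$2
    # Self-issued: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
      "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] || return 1
    # Self-signed: the certificate verifies with itself as the only anchor.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || return 2
    # Still valid 30 days (2592000 seconds) from now.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null || return 3
    # Anyone can mint a self-signed certificate, so the fingerprint must
    # match the value the CA published out of band.
    [ "$(fingerprint "$cert")" = "$(normalize "$expected")" ] || return 4
}

# Constructed sample input: writes a throwaway self-signed root to DIR.
make_sample_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Example Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" >/dev/null 2>&1
}
```

Call `check_root ca.pem "<fingerprint from the CA>"` and import the file only when it returns 0.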