Configuring HTTPS/TLS certificate authorities
You add HTTPS/TLS certificate authorities (CAs) on the Administration > SSL: Certificate Authorities page.
You can update the appliance’s trusted root store on this page.
A CA is a third-party entity in a network that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate in which it attests that the public key contained in the certificate belongs to the person, organization, server, or other entity named in the certificate. The CA verifies applicant credentials so that relying parties can trust the information in the certificates it issues. If you trust the CA and can verify the CA signature, you can also verify that a given public key does indeed belong to whoever is identified in the certificate.
With the Client Authorization Certification (CAC) feature, clients can be certified using a variety of authentication certificates, depending on the browser or application they use to connect to the TLS server. Each certificate can serve a specific function, such as Key Exchange or Signature. For the controller to successfully accelerate traffic, the recommended certificate function is Key Exchange. However, depending on the inherent Windows-based cryptography settings (the Cryptographic Service Provider [CSP] installed on the Windows client), the certificate with the Signature function can also be used for authentication. In that case, the controller can successfully accelerate traffic with the Signature authorization certificate. This acceleration is controlled by the host machine and the host machine settings.
Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.
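One way to perform that check before importing a CA file, shown as an added example rather than anything from the appliance or its vendor: compare the file's SHA-256 fingerprint with the value the CA publishes. It assumes the published fingerprint was obtained through a separate trusted channel; the function names and the sample data are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Matches each certificate in a PEM file and captures its base64 body.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of every certificate in the file."""
    return [hashlib.sha256(base64.b64decode(body)).hexdigest()
            for body in PEM_CERT.findall(pem_text)]

def normalize(fingerprint):
    """Accept 'AB:CD:...', spaced, or plain hex; return 64 lowercase hex digits."""
    cleaned = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def ca_matches_published(pem_text, published_fingerprint):
    """True only for a file holding exactly one certificate whose
    fingerprint equals the published value."""
    expected = normalize(published_fingerprint)
    found = pem_fingerprints(pem_text)
    # A bundle could carry extra certificates nobody reviewed: reject it.
    if len(found) != 1:
        return False
    return hmac.compare_digest(found[0], expected)

# Constructed sample: placeholder bytes in PEM armor, not a real certificate.
# The fingerprint is a hash of the decoded bytes, so the check behaves the same.
SAMPLE_DER = bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    published = ":".join(fp[i:i + 2] for i in range(0, 64, 2))
    print(ca_matches_published(SAMPLE_PEM, published))
```

A matching fingerprint confirms only that the file is the one the CA published; whether that CA should be trusted at all remains a separate decision.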