A Certificate Authority (CA) is a trusted third party that issues digital certificates and manages public keys used for secure communication. When a CA issues a certificate, it confirms that the public key in the certificate belongs to the entity named in the certificate (like a person, server, or organization). If you trust the CA and can verify its signature, you can trust that the public key belongs to the right entity.

Before adding a CA, it’s important to confirm that it’s legitimate. A fake or compromised CA can issue fraudulent certificates and put your network security at risk.

You may need to add a CA if:

How you replace an expiring certificate depends on the type:

Usually, you don’t need to add anything if your CA is already in the trusted list. But if you do need to add a CA, you can upload the certificate file or paste it directly into the Management Console. You can also import multiple certificates at once and assign a local name to each one.

You can manage and update the appliance’s trusted root certificate store from this same page.

Appliances include a pool of preimported certificates from common, trusted CAs. The default list of CAs, as well as settings for adding CAs, is under Optimization > SSL: Certificate Authorities.

Under Certificate Authorities, see the following options:

Click to add a new CA.

Selecting an optional local name for the CA is available when uploading a single certificate at a time.

Browse your local system for the CA file.

Optionally, you can paste the certificate directly into the management console.

Click to add the CA.