Importing CAs into the trusted CA store
You can import third-party signed certificates and certificate chains into the SCC CA service using the Trusted CA Store page. Also on that page, you can easily update the trusted root store by clicking Update in the SSL Certificate Authorities Update section.
SSL certificate verification requires a complete chain of certificates. Using the Trusted CA Store page, you can import third-party signed certificates and certificate chains into the SCC CA service. You can also import root certificates separately or together as a chain.
The Trusted CA store displays a list of trusted CA stored in a secure vault that are used to verify end-user CAs that are imported into the SCC.
Whether the SCC CA is root CA or intermediate CA, completely depends on how the SCC CA certificate is signed:
• If SCC CA certificate that is being imported is self-signed then the SCC CA acts as a root CA.
• If SCC CA certificate is signed by any other CA, then the SCC CA acts as an intermediate CA.
You have these options for importing intermediate CAs:
• Add the CA’s public certificate to the Trusted CA Store page and import the end-user certificate from the SCC Certificate Authority page.
• Import the complete chain of the certificate from SCC Certificate Authorities page. The end-user certificate must be the first certificate in the chain.
To import a CA into the Trusted CA Store
1. Choose Administration > Security: Trusted CA Store to display the Trusted CA Store page.
2. Optionally, click Update to update the trusted root store.
3. Click + Import New Certificate to expand the page.
4. Complete the configuration as described in this table.
Control | Description |
Optional Local Name | Optionally, specify the name of the trusted CA store. |
Local File | Select this option and browse to the local file. |
Cert text | Select this option to copy and paste the certificate authority. |
Add | Adds the certificate authority to the trusted CA store. |
The certificate appears in the CA list.