Certificate Authorities (SSL)

Typically in a web-based application, it is the client that authenticates the server. To identify itself, an SSL certificate is installed on a web server and the client checks the credentials of the certificate to make sure it is valid and signed by a trusted third party. Trusted third parties that sign SSL certificates are called certificate authorities (CA). For detailed information about how SSL works, see the SteelHead Management Console User’s Guide for SteelHead CX.

A CA is a third-party entity in a network that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate that states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials, so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.

Important: Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.

You can need to add a new CA in these situations:

• The server certificates are signed by an intermediate or root CA unknown to the appliance (perhaps external to the organization).

Complete the configuration as described in this table.

Control	Description
Add a New Certificate Authority	Optional Local Name - Specify the local name.
	Local File - Browse to the local certificate authority file.
	Cert Text - Paste the certificate authority into the text box and click Add.
Add	Adds the certificate authority
Remove Selected	Select the check box next to the name and click Remove Selected.
Certificate Authority	Select the certificate to view the certificate details.