Configuring SSL certificate authorities
You add SSL certificate authorities (CA) under Optimization > SSL: Certificate Authorities.
A CA is a third-party entity in a network that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate, which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials, so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.
Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.
You might need to add a new CA in these situations:
• Your organization has an internal CA that signs the certificates or peering certificates for the back-end server.
• The server certificates are signed by an intermediate or root CA unknown to the appliance (perhaps external to the organization).
• The CA certificate included in the trusted list has expired or has been revoked and needs replacing.
Under Certificate Authorities, these configuration options are available:
Add a New Certificate Authority
Optional Local Name (ignored if importing multiple certificates)
Specifies the local name.
Local File
Browses to the local certificate authority file.
Cert Text
Pastes the certificate authority into the text box.
Select the Certificate Authority name to display details.