About the SCC certificate authority service
SCC Certificate Authority settings are under Administration > Security: Certificate Authority. The SCC includes a certificate authority (CA) service that can function either as a private root CA or as an intermediate CA trusted within your organization. This service allows the SCC to issue the following types of certificates to managed appliances:
• Secure peering certificates
• Proxy certificates for SSL optimization
• Web proxy certificates for HTTPS traffic proxying
Managing certificates for secure protocol optimization and HTTPS proxying can be complex and time-consuming. The SCC CA service helps simplify and automate this process through the SCC Management Console. With it, you can issue and manage secure peering certificates and set up trust relationships between appliances—all from a central location.
Using the SCC CA eliminates the need to configure secure peering on each appliance individually. When a managed appliance receives a certificate from the SCC CA, it automatically trusts other appliances with SCC-issued certificates, because the SCC CA becomes a trusted entity on that device.
The SCC CA only issues certificates, and it signs them automatically. To maintain security, it only uses certificates that it signs itself. You cannot submit a Certificate Signing Request (CSR) to the SCC CA through the Management Console. Also, to use this service, the CA purpose of the CA certificate must be set to TRUE.
Here is an example of the extensions in a root certificate, where the Basic Constraints extension marks the certificate as a CA:
X509v3 extensions:
    X509v3 Key Usage:
        Digital Signature, Certificate Sign, CRL Sign
    X509v3 Basic Constraints: critical
        CA:TRUE
    X509v3 Subject Key Identifier:
        8F:XX:A1:E6:XX:FC:D4:DD:XX:XX:04:05:D5:07:9B:6C:XX:XX:FA:B.1.3.6.1.4.1.31
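The following is an added example, not code from the SCC or its vendor: a pre-flight check that reads the extension listing shown above and reports why a certificate could not act as a signing CA. It assumes the input is the text printed by `openssl x509 -noout -text`; the function names and both sample listings are constructed for illustration, and the critical-flag check follows RFC 5280 rather than anything stated on this page.

```python
import re

# Constructed samples in the layout `openssl x509 -noout -text` prints.
ROOT_CA = """\
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
"""
LEAF = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints:
                CA:FALSE
"""

# Matches lines such as "X509v3 Basic Constraints: critical".
HEADER = re.compile(r"^\s*X509v3 (?P<name>[^:]+):\s*(?P<crit>critical)?\s*$")

def parse_extensions(text):
    """Map extension name -> (critical flag, list of value tokens)."""
    exts, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group("name") != "extensions":
            current = m.group("name")
            exts[current] = (bool(m.group("crit")), [])
        elif current and line.strip():
            # Value lines are comma separated, e.g. "CA:TRUE, pathlen:0".
            exts[current][1].extend(t.strip() for t in line.split(","))
    return exts

def ca_problems(text):
    """Return reasons the certificate cannot act as a signing CA (empty = OK)."""
    exts = parse_extensions(text)
    problems = []
    critical, values = exts.get("Basic Constraints", (False, []))
    if "CA:TRUE" not in values:
        problems.append("Basic Constraints is missing or not CA:TRUE")
    elif not critical:
        # RFC 5280 requirement for CA certificates, not an SCC statement.
        problems.append("Basic Constraints is not marked critical")
    if "Key Usage" in exts and "Certificate Sign" not in exts["Key Usage"][1]:
        problems.append("Key Usage lacks Certificate Sign")
    return problems
```

Calling `ca_problems()` on the text dump of a candidate root or intermediate certificate returns an empty list when it carries CA:TRUE and, if Key Usage is present, Certificate Sign.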