About certificate authorities
A CA is a third-party entity that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate, which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.
Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.
You might need to add CAs to the pool if your organization has an internal CA, your certificates are signed by an intermediate or root CA not in the trusted list, or the certificate for a CA in the list is expired or has been revoked and needs replacing.
Replacing an expired or an about-to-expire SSL certificate depends on the type of certificate you want to replace:
- Peer certificate—For details, go to Knowledge Base article
S17054.
- Root CA certificate—For details, go to Knowledge Base article
S30418.
- Proxy certificate—For details, go to Knowledge Base article
S34687.
Generally, you do not need to add certificates if your CA is among those in the trusted list.
If you need to add a CA to the list, you can upload its certificate file or paste its content directly into the Management Console. Importing multiple certificates is supported. When adding a single certificate, you can specify a local name for it.
You can update the appliance’s trusted root store on this page.
Appliances include a pool of preimported certificates from common, trusted CAs. The default list of CAs, as well as settings for adding CAs, is under Optimization > SSL: Certificate Authorities.

Adding or Removing a Certificate Authority
Under Certificate Authorities, see the following options:
Add a New Certificate Authority
Click to add a new CA.
Optional Local Name
Selecting an optional local name for the CA is available when uploading a single certificate at a time.
Local File
Browse your local system for the CA file.
Cert Text
Optionally, you can paste the certificate directly into the management console.
Add
Click to add the CA.