A CA is a third-party entity that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate, which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.

You might need to add CAs to the pool if your organization has an internal CA, your certificates are signed by an intermediate or root CA not in the trusted list, or the certificate for a CA in the list is expired or has been revoked and needs replacing.

Generally, you do not need to add certificates if your CA is among those in the trusted list.

If you need to add a CA to the list, you can upload its certificate file or paste its content directly into the Management Console. Importing multiple certificates is supported. When adding a single certificate, you can specify a local name for it.

You can update the appliance’s trusted root store on this page.

Appliances include a pool of preimported certificates from common, trusted CAs. The default list of CAs, as well as settings for adding CAs, is under Optimization > SSL: Certificate Authorities.

Under Certificate Authorities, see the following options:

Click to add a new CA.

Selecting an optional local name for the CA is available when uploading a single certificate at a time.

Browse your local system for the CA file.

Optionally, you can paste the certificate directly into the management console.

Click to add the CA.