The TLS security protocol uses a secure server RSA X.509V3 certificate to authenticate your site to any client that accesses the server and provides a way for the client to initiate a secure session. You obtain a certificate from a certificate authority, or you can create a self-signed certificate. When you obtain a certificate file, a trusted root certificate file and key file are created. This topic describes the layout of the trusted root certificate file and the key certificate file.
Connect:Direct® Secure Plus uses two certificate files to initiate a TLS session: a trusted root certificate file and a key certificate file.
When you obtain a root certificate from a certificate authority, you receive a trusted root certificate file. To configure Connect:Direct Secure Plus, add the name and location of the trusted root certificate file to the node record using the Secure+ Admin Tool.
A sample trusted root certificate file called trusted.txt is installed in the Connect:Direct Secure Plus\certificates directory when you install Connect:Direct Secure Plus. Use any text editor to add certificate information to this file or delete it from the file. In simple configurations, only one trusted root certificate file is used. In more sophisticated configurations, you may associate individual trusted root files with one or more node records.
When you use a certificate signing request (CSR) tool, you do not need to change the contents of the key certificate file.
If you set up your own PKI, you may chain more than two certificates, including a CA root certificate, one or more intermediate CA certificates, and an identity certificate. You can create chained certificates using one of the following methods:
- Using the Local Key Certificate File—In a chain of two certificates, the local key certificate file contains a private key and an identity certificate. In a longer chain, the key certificate file contains the private key and the identity key, followed by the intermediate CA certificates.
- Using the Remote Trusted File—In a chain of two certificates, the remote trusted file contains the CA root certificate. In a longer chain, the remote trusted file contains the CA root certificate and all the intermediate CA certificates.
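
The two layouts described above can be checked before the files are referenced in a node record. The following is an added example, not code from Connect:Direct Secure Plus or IBM. It assumes both files hold PEM-armored blocks (the page does not name the encoding), and the function names and sample data are hypothetical.

```python
import re

# Assumption: both files hold PEM-armored blocks; the page does not name the encoding.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_labels(text):
    """Return the PEM block labels in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def is_key(label):
    return label.endswith("PRIVATE KEY")

def check_key_certificate_file(text):
    """Layout: private key, identity certificate, then intermediate CA certificates."""
    labels = pem_labels(text)
    problems = []
    if not labels or not is_key(labels[0]):
        problems.append("first block is not a private key")
    if not any(label == "CERTIFICATE" for label in labels[1:]):
        problems.append("no identity certificate after the private key")
    for pos, label in enumerate(labels[1:], start=2):
        if label != "CERTIFICATE":
            problems.append(f"block {pos} is {label!r}, expected CERTIFICATE")
    return problems

def check_trusted_root_file(text):
    """Layout: CA root certificate plus any intermediate CA certificates, nothing else."""
    labels = pem_labels(text)
    problems = [] if labels else ["no certificates found"]
    for pos, label in enumerate(labels, start=1):
        if is_key(label):
            problems.append(f"block {pos} is a private key; keys do not belong in a trusted file")
        elif label != "CERTIFICATE":
            problems.append(f"block {pos} is {label!r}, expected CERTIFICATE")
    return problems

def pem(label):
    """Constructed sample block; the body is a placeholder, not real key or certificate data."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

# Constructed inputs: one correct and one incorrect layout for each file type.
GOOD_KEY_FILE = pem("ENCRYPTED PRIVATE KEY") + pem("CERTIFICATE") + pem("CERTIFICATE")
BAD_KEY_FILE = pem("CERTIFICATE") + pem("ENCRYPTED PRIVATE KEY")
GOOD_TRUSTED = pem("CERTIFICATE") + pem("CERTIFICATE")
BAD_TRUSTED = pem("CERTIFICATE") + pem("RSA PRIVATE KEY")

if __name__ == "__main__":
    print("key file:", check_key_certificate_file(BAD_KEY_FILE))
    print("trusted file:", check_trusted_root_file(BAD_TRUSTED))
```

The check only inspects block order and type; it does not verify that each certificate was issued by the next one in the chain.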