Configuring certificate authority

An external certificate authority (CA) can be used to authenticate devices and users. You can specify CAs for all system devices or just the Manager device.

Procedure

  1. On the Settings tab, navigate to Authentication > Certificate Authority.
  2. Click Add CA to enter either a Device or User CA.
    For more information, see PKI and X.509.
  3. Click Generate new CA
  4. Click Edit
  5. Edit the trust settings for the internal certificate authority.
  6. Click Save.
    Note: The Online Certificate Status Protocol (OCSP) responder configured in the certificates and the Certificate Revocation List (CRL) distribution point for the CRLs issued by the CA must be reachable by all appliances over the necessary protocols (HTTP/HTTPS) so that the OSCP can be queried and CRLs can be downloaded.