An external certificate authority (CA) can be used to authenticate devices and users.
You can specify CAs for all system devices or just the Manager device.
- On the Settings tab, navigate to
.
-
Click Add CA to enter either a Device or User CA.
For more information, see
PKI and
X.509.
- Click Generate new CA
- Click Edit
- Edit the trust settings for the internal certificate authority.
-
Click Save.
Note: The Online Certificate Status Protocol (OCSP) responder configured in the certificates and the
Certificate Revocation List (CRL) distribution point for the CRLs issued by the CA must be reachable
by all appliances over the necessary protocols (HTTP/HTTPS) so that the OSCP can be queried and CRLs
can be downloaded.