Federation Manager Guide › Key and Certificate Management to Secure Federation Messages › CA Certificate Usage

CA Certificate Usage

The federation system uses Certificate Authority certificates to verify the following items:

• Whether an SSL server certificate for an SSL connection that secures the artifact back channel is trusted.
• For artifact single sign-on, secure the back channel with an SSL connection. The embedded web server for the federation system can verify that the SSL connection is secured by a trusted certificate by validating the certificate of the Certificate Authority. This certificate must be stored in the certificate data store.
• Whether a certificate revocation list is valid.

  CRLs are acquired from a Certificate Authority. The certificate of the corresponding CA is required to validate the CRL before it can be trusted. The CRL is stored in the data store for use at runtime.

A default set of common root and intermediate CA certificates are shipped with the product for these purposes.