Federation Manager Guide › Key and Certificate Management to Secure Federation Messages › CA Certificate Usage › Import a CA Certificate

Import a CA Certificate

A set of common root and intermediate CAs are included with the product. To use CA certificates that are not in the certificate data store, import them.

Any certificate that you import is treated as a CA certificate. The exceptions are self-signed certificates:

• If the system identifies a V3 self-signed certificate as a non-CA certificate, the certificate is treated as a trusted certificate. This behavior occurs even though you initiated the import from the Import CA Certificate dialog.
• If the system identifies a V1 self-signed certificate, the certificate is treated as a CA certificate.

Note: If you are importing a root CA certificate, import all root CA certificates in the chain if they are part of a trust chain.

To import a CA certificate

1. Log in to the Federation Manager UI.
2. Select Certs & Keys, Authorities.

   The Certificate Authorities List displays.

3. Click Import New.

   The Import CA Certificate dialog displays.

   Note: Click Help for a description of fields, controls, and their respective requirements.

4. Follow the wizard to import a new entry.
5. At the Confirm step, review the certificate information and click Finish.

The CA certificate is imported into the certificate data store. The change takes place directly after the import is complete.

Important! You cannot delete a CA certificate that is part of a trust chain for other certificates in use on the system. If you try to delete a CA certificate in use, an error message states that the certificate cannot be deleted.