CA Certificate Usage

Federation Manager uses authority certificates for the following tasks:

To verify if an SSL server certificate used to secure an SSL connection for the artifact back channel is trusted.
For artifact single sign-on, we recommend you secure the back channel with an SSL connection. Federation Manager's embedded web server can verify that the SSL connection is secured by a trusted certificate by validating the Certificate Authority's certificate. This certificate must be stored in the Federation Manager key database.
To verify certificate revocation lists.
CRLs are acquired from the CA and then stored for use by Federation Manager at runtime.

A set of common root and intermediate CA certificates is shipped with Federation Manager for these purposes.