Import a CA Certificate

A set of common root and intermediate CAs is shipped with Federation Manager. If you want to use CA certificates that are not already in the key database, you can import them.

In most cases, a certificate imported from the Import CA Certificate dialog is treated only as a CA certificate. Self-signed certificates are the exception. If Federation Manager identifies a V3 self-signed certificate as a non-CA certificate, it treats the certificate as a trusted certificate, even though the import was initiated from the Import CA Certificate dialog. A V1 self-signed certificate is treated as a CA certificate.
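The classification rule above, as an added example (not Federation Manager code): a standard-library Python check that predicts, before import, whether a DER certificate would be stored as a CA certificate or as a trusted certificate. It assumes that "self-signed" means issuer equals subject and that "non-CA" means the basicConstraints extension is absent or its cA flag is not TRUE; the function names are hypothetical, and `sample` builds constructed, unsigned certificate skeletons for the demonstration.

```python
BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # OID 2.5.29.19

def tlv(buf, pos=0):  # decode one DER element -> (tag, value, next offset)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def items(value):  # contents of a constructed element -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def classify(der):
    """Predict 'trusted' or 'CA'; assumes non-CA = cA flag absent or not TRUE."""
    tbs = items(items(tlv(der)[1])[0][1])  # fields of TBSCertificate
    version = 1  # the [0] EXPLICIT version field is absent in V1
    if tbs[0][0] == 0xA0:
        version, tbs = items(tbs[0][1])[0][1][0] + 1, tbs[1:]
    self_signed = tbs[2] == tbs[4]  # assumption: issuer == subject, signature unchecked
    is_ca = False
    for tag, val in tbs[6:]:
        if tag == 0xA3:  # [3] EXPLICIT extensions
            for _, ext in items(items(val)[0][1]):
                fields = items(ext)  # extnID, optional critical, extnValue
                if fields[0][1] == BASIC_CONSTRAINTS:
                    bc = items(items(fields[-1][1])[0][1])
                    is_ca = bool(bc) and bc[0] == (0x01, b"\xff")
    return "trusted" if self_signed and version == 3 and not is_ca else "CA"

def enc(tag, *parts):  # DER-encode one element; used only to build the samples
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample(version, issuer, subject, ca=None):  # constructed, unsigned skeleton (not a real cert)
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x0C, cn.encode()))))
    alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d01010b")), enc(0x05))
    dates = enc(0x30, enc(0x17, b"250101000000Z"), enc(0x17, b"260101000000Z"))
    tbs = [enc(0xA0, enc(0x02, bytes([version - 1])))] if version > 1 else []
    tbs += [enc(0x02, b"\x01"), alg, name(issuer), dates, name(subject), enc(0x30, alg, enc(0x03, b"\x00"))]
    if ca is not None:  # basicConstraints with cA TRUE, or empty (cA defaults to FALSE)
        bc = enc(0x30, enc(0x01, b"\xff") if ca else b"")
        tbs.append(enc(0xA3, enc(0x30, enc(0x30, enc(0x06, BASIC_CONSTRAINTS), enc(0x04, bc)))))
    return enc(0x30, enc(0x30, *tbs), alg, enc(0x03, b"\x00"))
```

For a PEM file, convert the contents with `ssl.PEM_cert_to_DER_cert` from the standard library before calling `classify`. A result of "CA" for a certificate that was never meant to issue others is worth catching at the Confirm step of the import.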

To import a CA certificate

  1. From the Certs & Keys tab, select Authorities.

    A list of CAs is displayed.

  2. Click Import New.

    The Import CA Certificate dialog displays.

    Note: You can click Help for a description of fields, controls, and their respective requirements.

  3. Browse to the certificate file you want to import.
  4. Click Next.

    The Available Entries list is displayed.

  5. Select the checkbox for the certificate you want to use and click Next.

    You move to the Confirm step, where the Entries to Import group box is displayed.

  6. Review the certificate information and click Finish.

The CA certificate is imported into the key database.

Note: To synchronize the policy engine with the key store immediately after you add or update a certificate, restart the Federation Manager services. Otherwise, the changes to the key store are not available until the policy engine and key store synchronize. How long that takes depends on the configured update frequency, which you can change by adjusting the DBUpdateFrequencyMinutes parameter in the smkeydatabase.properties file.

Important! You cannot delete a CA certificate that is part of a trust chain for other certificates in use on the system. If you try to delete a CA certificate in use, an error message informs you that the certificate cannot be deleted.


Copyright © 2010 CA. All rights reserved.