The federation system uses Certificate Authority certificates to verify the following items:
CRLs are acquired from a Certificate Authority. The certificate of the corresponding CA is required to validate the CRL before it can be trusted. The CRL is stored in the data store for use at runtime.
A default set of common root and intermediate CA certificates are shipped with the product for these purposes.
A set of common root and intermediate CAs are included with the product. To use CA certificates that are not in the certificate data store, import them.
Any certificate that you import is treated as a CA certificate. The exceptions are self-signed certificates:
Follow these steps:
The CA certificate is imported into the certificate data store. The change takes place directly after the import is complete.
Important! You cannot delete a CA certificate that is part of a trust chain for other certificates in use on the system. If you try to delete a CA certificate in use, an error message states that the certificate cannot be deleted.
Copyright © 2012 CA Technologies.
All rights reserved.