Trusted CA
The Administration > Trusted CA page lets this system connect securely to external resources that use a certificate not signed by a widely trusted Certificate Authority (CA). CA certificate files must comply with the following rules in order to be uploaded.
Important
All certificates expire eventually so they must be updated periodically. UIP administrators should include this in their annual maintenance planning for the UIP system.
Uploaded certificates must use the Base64 PEM format and have a .crt file extension. Certificate files in binary (DER) format are not supported. The first and last lines of the certificate file will be the following.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The uploaded certificate's Version field value must be V3 or higher, and the certificate must not be expired or premature (not yet valid). The Subject Type property of the Basic Constraints field must be CA.
# Display the Version, Valid From, Valid To, and V3 extensions of a certificate
openssl x509 -noout -text -certopt no_header,no_serial,no_signame,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_aux -startdate -enddate -in certificate.pem
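The rules above can be checked before upload with a short script. This is an added example, not part of the original documentation; it assumes OpenSSL and GNU date are installed, and check_ca_upload is a hypothetical function name.

```shell
#!/bin/sh
# Added example: pre-upload check for the rules stated on this page.
# Assumptions: OpenSSL and GNU date are installed; check_ca_upload is a
# hypothetical helper name, not part of the product.

check_ca_upload() {
    f=$1

    # Rule: the file extension must be .crt
    case "$f" in
        *.crt) ;;
        *) echo "FAIL: file extension is not .crt" >&2; return 1 ;;
    esac

    # Rule: Base64 PEM, so the first and last lines are the PEM markers.
    # A binary DER file fails here.
    head -n 1 "$f" | tr -d '\r' | grep -qxF -e '-----BEGIN CERTIFICATE-----' ||
        { echo "FAIL: first line is not the PEM BEGIN marker" >&2; return 1; }
    tail -n 1 "$f" | tr -d '\r' | grep -qxF -e '-----END CERTIFICATE-----' ||
        { echo "FAIL: last line is not the PEM END marker" >&2; return 1; }

    text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) ||
        { echo "FAIL: OpenSSL cannot parse the certificate" >&2; return 1; }

    # Rule: Version must be V3 (OpenSSL prints it as "Version: 3 (0x2)")
    printf '%s\n' "$text" | grep -q 'Version: 3 (0x2)' ||
        { echo "FAIL: certificate is not X.509 V3" >&2; return 1; }

    # Rule: not expired (-checkend 0 exits non-zero once notAfter has passed)
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate is expired" >&2; return 1; }

    # Rule: not premature (notBefore must not lie in the future)
    not_before=$(openssl x509 -in "$f" -noout -startdate | cut -d= -f2)
    [ "$(date -u -d "$not_before" +%s)" -le "$(date -u +%s)" ] ||
        { echo "FAIL: certificate is not yet valid" >&2; return 1; }

    # Rule: Basic Constraints must mark the subject as a CA
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE' ||
        { echo "FAIL: Basic Constraints does not contain CA:TRUE" >&2; return 1; }

    echo "OK: $f meets the upload rules"
}

# Run the check when a file name is given on the command line.
if [ "$#" -gt 0 ]; then check_ca_upload "$1"; fi
```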
The system will immediately trust certificates signed by the installed CA certificate. Services are not interrupted during the installation of CA certificate files.
Warning
Use caution when deleting installed certificates. Deleting an installed certificate could cause connections which were dependent on it to stop functioning properly.