Add the Certificate Authority (CA)
A Certificate Authority (CA) acts as the initially trusted shared entity between peers and issues signed certificates to make it possible for each party to trust the other. The CA issues and installs digital certificates and issues Certificate Signing Requests.
CipherTrust Manager distinguishes between local CAs and external CAs. A local CA can issue signed certificates since the private signing key is stored inside the CipherTrust Manager system.
An external CA does not store the private key. Instead, an external CA is used as a trusted entity for various interfaces and services inside the system. In this case, certificates are issued externally. It is fine to have a mix of both.
The first time a CipherTrust Manager is started, a new local KeySecure root CA is automatically generated. This CA is used to issue initial server certificates for the interfaces available in the system.
Before you begin
- Get Root CA certificates for signing authority.
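The root CA file can be checked locally before it is uploaded. The script below is an added example, not part of the original documentation or of Thales tooling; it assumes the openssl CLI (1.1.1 or later), a PEM-encoded file, and a 30-day expiry threshold, and the names check_root_ca and make_samples are hypothetical helpers.

```shell
#!/bin/sh
# Added example: checks to run on a root CA file before uploading it as an external CA.
# Usage: check_root_ca /path/to/root-ca.pem   (returns 0 only if every check passes)

check_root_ca() {
    cert="$1"
    # An external CA entry holds no private key, so the upload file must not carry one.
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "REJECT: file contains a private key"; return 1
    fi
    # Must parse as an X.509 certificate in PEM form.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "REJECT: not a PEM certificate"; return 1; }
    # A root is self-issued: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
      "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] ||
        { echo "REJECT: issuer differs from subject (intermediate or leaf)"; return 1; }
    # It must be marked as a CA in basicConstraints.
    openssl x509 -in "$cert" -noout -ext basicConstraints 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "REJECT: basicConstraints is not CA:TRUE"; return 1; }
    # The self-signature must verify and the certificate must be within its validity period.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "REJECT: self-signature or validity check failed"; return 1; }
    # Assumed policy: refuse a root that expires within 30 days.
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "REJECT: expires within 30 days"; return 1; }
    # Print the SHA-256 fingerprint for comparison with the value the CA owner publishes.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Constructed test inputs (not real CA material): a self-signed root with CA:TRUE
# and a self-signed certificate with CA:FALSE that the checks must reject.
make_samples() {
    dir="$1"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        '[dn]' 'CN=Constructed Example Root' \
        '[v3_root]' 'basicConstraints=critical,CA:TRUE' \
        '[v3_leaf]' 'basicConstraints=critical,CA:FALSE' > "$dir/sample.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/sample.cnf" \
        -extensions v3_root -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/sample.cnf" \
        -extensions v3_leaf -keyout "$dir/leaf.key" -out "$dir/leaf.pem" 2>/dev/null
}
```

The fingerprint printed on success is only useful when compared against a value obtained from the CA owner through a separate channel.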
Procedure
- Log on to the Thales CipherTrust Manager.
- Go to CA, select External.
- Select Add External CA.
- Provide the display name.
- Select Root CA certificate file and upload as external CA.
- Click Add External CA.
- To specify the newly added external CA as the signing authority, go to Admin Settings and select Interfaces.
- To add external CA to web interface, click (More) and select View/Edit.
- Select the External Trusted CAs from the drop-down menu and select + sign.
- Click Update.
- In the Interface Update window, click Continue.
What to do next