Devices, such as a phone or a laptop, may include a device certificate to identify the device. This certificate can be used for device verification. For example, in a laptop there is a certificate that identifies both you and the laptop. That certificate is issued by a Certificate Authority. For the device to be trusted, you need to upload the CA certificate that issued the device certificate as a Trusted CA.
Configure a Trusted CA
1. Click > Resources > Certificate Authorities. The Certificate Authorities page appears.
2. Click Trusted Certificate Authority. The Trusted Certificate Authority page appears.
3. Click . The Add Trusted Certificate dialog box appears.
4. Enter a Name for the Trusted CA.
5. Select the State of the certificate. You can Disable a Trusted CA if you no longer want it to be used for device certificate verification.
6. Click next to Upload Certificate and browse to select your .p7b or your .cer CA certificate file.
7. If required, click and browse to select Additional Certificates.
This step is required if you uploaded only the CA certificate file in the previous step. In that case, you need to upload all intermediate CA certificate files up to the root CA certificate.
8. Optional. Select Use as User Certificate CA if you want to enable User Certificate authentication for first-factor (passwordless) or second-factor authentication.
9. Optional. Select Enable Revocation Checking if you want to be able to revoke the certificate.
10. Optional. Enter the OCSP Responder URL Location.
11. Optional. Click and browse to select the OCSP Responder Certificate.
Note: OCSP Responder Location and OCSP Responder Certificate are both optional. The OCSP responder location is used only if the certificate does not include the Authority Information Access (AIA) extension. The OCSP responder certificate is used only if provided and if the responder signs the response and the signature requires verification.
IDaaS supports public OCSP responders and public HTTP CRL distribution points defined in the certificate.
12. Click Add. The CA is added to the Trusted Certificate Authority page.
13. If required, on the Trusted Certificate Authority page, click to include the existing Issuing CAs as trusted CAs that can also be used for device certificate authentication.
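Two checks that can be run with OpenSSL before the upload in steps 6 and 7, as an added example that is not part of the product documentation: whether the CA file already contains every issuer up to the root, and whether a device certificate carries its own OCSP URL. The function and file names are hypothetical, and reading "does not include the AIA extension" as "has no OCSP URL in AIA" is an assumption.

```shell
#!/bin/sh
# Pre-upload checks for a Trusted CA file (added example; names are placeholders).
# Inputs are PEM. Convert first if needed:
#   openssl pkcs7 -print_certs -in ca.p7b -out bundle.pem   (add -inform DER for a binary .p7b)
#   openssl x509 -inform DER -in ca.cer -out ca.pem         (for a DER-encoded .cer)

# List issuer names that no certificate in the bundle has as its subject.
# Empty output means every issuer, up to a self-signed root, is in the file.
# This compares names only; it does not verify signatures.
missing_issuers() {
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { sub(/^subject= */, ""); have[$0] = 1 }
         /^issuer=/  { sub(/^issuer= */, "");  need[$0] = 1 }
         END { for (n in need) if (!(n in have)) print n }'
}

# Print the OCSP responder URL from the certificate's AIA extension (empty if none).
aia_ocsp_url() {
  openssl x509 -noout -ocsp_uri -in "$1"
}

# Succeed when the certificate has no OCSP URL in AIA, which is the case where
# the optional OCSP Responder URL Location from step 10 would be consulted
# (assumption: "no AIA extension" is read here as "no OCSP URL in AIA").
uses_configured_ocsp_location() {
  [ -z "$(aia_ocsp_url "$1")" ]
}

# Summarise both checks for one CA bundle and one sample device certificate.
precheck() {
  bundle=$1 device=$2
  gaps=$(missing_issuers "$bundle")
  if [ -n "$gaps" ]; then
    echo "chain incomplete, add under Additional Certificates:"
    echo "$gaps" | sed 's/^/  /'
  else
    echo "chain complete up to a self-signed root"
  fi
  if uses_configured_ocsp_location "$device"; then
    echo "no OCSP URL in AIA: the OCSP Responder URL Location setting would be used"
  else
    echo "OCSP URL from AIA: $(aia_ocsp_url "$device")"
  fi
}
```

Run it as `precheck bundle.pem device.pem`; to confirm signatures as well as names, follow up with `openssl verify -CAfile root.pem -untrusted intermediates.pem issuing-ca.pem`.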