Digital Certificate Management

For Deep Edge to determine if a web server’s signature is trusted, the root Certification Authority (CA) certificate on which the signature is based must be added to the Deep Edge certificate store. There are three types of digital certificates that are involved in producing a digital signature:
  • The "end" or "signing" certificate, which contains the public key to be used to validate the actual web server's signature
  • One or more "intermediate" CA certificates, which contain the public keys to validate the signing certificate or another intermediate certificate in the chain
  • The "root" CA certificate, which contains the public key used to validate the first intermediate CA certificate in the chain (or, rarely, the signing certificate directly).
If Deep Edge encounters an unknown certificate during an SSL handshake or signature processing, it saves the certificate in the "not trusted" list. Certificates of all types (signing, intermediate, and root) are collected this way. If required later, a CA certificate collected this way can be "trusted" by Deep Edge, allowing the signatures of those web servers that depend on that CA certificate to be processed as valid. Intermediate CA and end certificates can also be activated, but this has an effect only if the root certificate is also activated.
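The rule that activating an intermediate CA certificate has no effect unless the root is also trusted can be reproduced with the OpenSSL command line. This is an added example, not Deep Edge code or part of the original documentation; it assumes `openssl` (1.1.1 or later) is installed, and every subject name and file name in it is a constructed placeholder.

```sh
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> server).
# All names and file names are placeholders; OpenSSL stands in for the store.

make_chain() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    # Minimal config: -subj supplies the names, v3_ca marks a cert as a CA.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
      '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > pki.cnf
    # Root CA: self-signed.
    openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 \
      -nodes -keyout root.key -out root.pem -days 30 \
      -subj "/CN=Example Root CA" &&
    # Intermediate CA: signed by the root.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout int.key -out int.csr -subj "/CN=Example Intermediate CA" &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -extfile pki.cnf -extensions v3_ca -days 30 \
      -out int.pem &&
    # End (signing) certificate: signed by the intermediate.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout srv.key -out srv.csr -subj "/CN=www.example.test" &&
    openssl x509 -req -in srv.csr -CA int.pem -CAkey int.key \
      -CAcreateserial -days 30 -out server.pem
  ) >/dev/null 2>&1
}

# Root is trusted; the intermediate is supplied only as chain material.
verify_root_trusted() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/server.pem" >/dev/null 2>&1
}

# Only the intermediate is trusted; the path never reaches a trusted root.
verify_intermediate_only() {
  openssl verify -CAfile "$1/int.pem" "$1/server.pem" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_chain "$d" || { rm -rf "$d"; return 1; }
  verify_root_trusted "$d" && echo "root trusted: server certificate accepted"
  verify_intermediate_only "$d" || echo "intermediate only: rejected"
  rm -rf "$d"
}
demo
```

OpenSSL rejects the second case by default because a certificate that is not self-signed is not accepted as a trust anchor unless partial chains are explicitly allowed.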
To manage the certificates in the Deep Edge certificate store, perform the following operations:
  • Add New—Add a new certificate that does not exist in the system.
  • Delete—Remove the selected certificate(s) from the certificate store.
  • Trust Authenticity of Certificate—Make a CA certificate trusted.
  • Do Not Trust Authenticity of Certificate—Keep the certificate in the Deep Edge certificate store, but do not trust certificates that use it in their certification path.