Views:

Manage the root and intermediate CA certificates of HTTPS web servers.

Procedure

  1. Go to Zero Trust Secure AccessSecure Access ConfigurationInternet Access Configuration.
    The Internet Access Configuration screen appears.
  2. Select TLS/SSL Certificates from the HTTPS Inspection drop-down list.
  3. Select Root/Intermediate certificate from the Certificate type drop-down list in the upper left to view and manage the root/intermediate CA certificates added automatically by the system or manually by administrators.
  4. You can complete the actions outlined in the following table.
    Action
    Description
    Check a root/intermediate CA certificate
    View the CA certificate information:
    • Common name: The CommonName (CN) field in the CA certificate
    • Type: The type of the CA certificate, which is Root or Intermediate
    • Expires at: The date and time when the CA certificate becomes invalid
    • Status: Whether the certificate is trusted or untrusted or it is unknown to the system
      • Trusted: TLS/SSL certificates that use this CA certificate in their certificate chain are trusted.
      • Untrusted: TLS/SSL certificates that use this CA certificate in their certificate chain are untrusted.
      • Unknown: The CA certificate is unknown to the system.
    Click the common name of a certificate to view the certificate details.
    Add a root/intermediate CA certificate
    1. Click Add.
    2. Click Select File..., and then select a Base64 encoded (.pem) or ASCII (.p7b) X.509 certificate file from your local machine.
      Note
      Note
      If you add a certificate that is already in the list, the latest settings override the existing settings.
    3. Set the certificate to Trusted or Untrusted.
    4. Click Save.
    Note
    Note
    If the system encounters an unknown CA certificate, it automatically adds the certificate to the system certificate store and sets it to Unknown.
    Configure a root/intermediate CA certificate
    Select a certificate and click Set to Trusted or Set to Untrusted in the upper left to change the status of the certificate.
    Select one or multiple certificates and click Delete in the upper left to delete the certificates from Trend Vision One.
    Filter root/intermediate CA certificates
    Use the search text box and the following drop-down lists to filter certificates:
    • Type: Whether the certificate is a root or intermediate CA certificate
    • Status: Whether the certificate is trusted or untrusted or it is unknown to the system