Root and Intermediate CA Certificates

Manage the root and intermediate CA certificates of HTTPS web servers.

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration.

    The Internet Access Configuration screen appears.

  2. Select TLS/SSL Certificates from the HTTPS Inspection drop-down list.
  3. Select Root/Intermediate certificate from the Certificate type drop-down list in the upper left to view and manage the root/intermediate CA certificates added automatically by the system or manually by administrators.
  4. You can complete the actions outlined in the following table.

    Action

    Description

    Check a root/intermediate CA certificate

    View the CA certificate information:

    • Common name: The CommonName (CN) field in the CA certificate

    • Type: The type of the CA certificate, which is Root or Intermediate

    • Expires at: The date and time when the CA certificate becomes invalid

    • Status: Whether the certificate is trusted or untrusted or it is unknown to the system

      • Trusted: TLS/SSL certificates that use this CA certificate in their certificate chain are trusted.

      • Untrusted: TLS/SSL certificates that use this CA certificate in their certificate chain are untrusted.

      • Unknown: The CA certificate is unknown to the system.

    Click the common name of a certificate to view the certificate details.

    Add a root/intermediate CA certificate

    1. Click Add.

    2. Click Select File..., and then select a Base64 encoded (.pem) or ASCII (.p7b) X.509 certificate file from your local machine.

      Note:

      If you add a certificate that is already in the list, the latest settings override the existing settings.

    3. Set the certificate to Trusted or Untrusted.

    4. Click Save.

    Note:

    If the system encounters an unknown CA certificate, it automatically adds the certificate to the system certificate store and sets it to Unknown.

    Configure a root/intermediate CA certificate

    Select a certificate and click Set to Trusted or Set to Untrusted in the upper left to change the status of the certificate.

    Select one or multiple certificates and click Delete in the upper left to delete the certificates from Trend Micro Vision One.

    Filter root/intermediate CA certificates

    Use the search text box and the following drop-down lists to filter certificates:

    • Type: Whether the certificate is a root or intermediate CA certificate

    • Status: Whether the certificate is trusted or untrusted or it is unknown to the system