See below for adding an external root CA – that is, a root certificate authority created outside the Certificate Authority solution.

The following steps will ask you to have the certificate of this external CA at hand.

To add an external root Certificate Authority

  1. Open the following URL in a Web browser. 

    https://<machine>/v2/

    Where <machine> is the IP address or domain name of the machine hosting Cryptographic Security Platform. 

    Do not omit the ending forward slash "/" on this URL.

  2. Log in to the Management Console as the user described in Creating partition administrators
  3. In the Select Partition dialog, select the partition on which to manage certificate authorities and certificates. 
  4. Click Select.

  5. Click Certificate Authorities on the sidebar.

  6. Click Create > Certificate Authority.
  7. Configure the following settings. 
  8. Click Create to create the new Certificate Authority.

CA Type

Click ​External Root Certificate Authority.

Mandatory: Yes.

CA Identifier

Type a unique identifier for the new Certificate Authority within its organization. This identifier:

  • Must be 3-18 characters long.
  • Can only include lowercase letters, numbers, underscores ("_"), and hyphens ("-").

Do not reuse the identifier of a Certificate Authority for up to 24 hours after it has been deleted.

Mandatory: Yes.

Friendly Name

A friendly name for the new Certificate Authority in the user interface.

Mandatory: No. This optional value defaults to the one assigned to the CA Identifier field.

Root CA Certificate

Click Choose file and import the PEM-encoded certificate of the external CA.

Mandatory: Yes.