See below for how to import a root certificate authority that has been created outside PKIaaS.

To import an external root CA:

  1. Open the following URL in a Web browser. 

    https://<hostname>/v2/

    Where <hostname> is the IP address or domain name selected in General.

  2. Log in to the Certificate Authority user interface as a user with the Owners or CA Administrators roles on a partition.
  3. Select the partition on which to manage certificate authorities and certificates. 

  4. Click Certificate Authorities in the sidebar.

  5. Click Add and select Certificate Authority.

  6. Select External Root Authority.

  7. Click Add and complete the following values. 
  8. Click Create.
  9. Check the details of the created CA — for example, the Serial Number of the certificate signing certificate.

CA Identifier

Type a unique identifier for the new Certificate Authority within its organization. This identifier:

  • Must be 3-18 characters long.
  • Can only include lowercase letters, numbers, underscores ("_"), and hyphens ("-").

Do not reuse the identifier of a Certificate Authority for up to 24 hours after it has been deleted.

Mandatory: Yes.

Friendly Name

Type a friendly name for the new certificate authority in the user interface.

Mandatory: Yes.

Root CA Certificate

Click Choose file and import the PEM-encoded certificate of the external CA.

Mandatory: Yes.