Importing Certificates into Trusted Root Certificate Store
The device provides its own Trusted Root Certificate store. This lets you manage certificate trust. You can import up to 20 certificates to the store per TLS Context (but this may be less depending on certificate file size).
The store can also be used for certificate chains. A certificate chain is a sequence of certificates where each certificate in the chain is signed by the subsequent certificate. The last certificate in the list of certificates is the Root CA certificate, which is self-signed. The purpose of a certificate chain is to establish a chain of trust from a child certificate to the trusted root CA certificate. The CA vouches for the identity of the child certificate by signing it. A client certificate is considered trusted if one of the CA certificates up the certificate chain is found in the server certificate directory. For the device to trust a whole chain of certificates per TLS Context, you need to import them into the device's Trusted Certificates Store, as described below.
You can also import multiple TLS root certificates in bulk from a single file. Each certificate in the file must be Base64 encoded (PEM). When copying-and-pasting the certificates into the file, each Base64 ASCII encoded certificate string must be enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
Only Base64 (PEM) encoded X.509 certificates can be loaded to the device.
| ➢ | To import certificates into the Trusted Root Certificate Store: |
| 1. | Open the TLS Contexts table (see Configuring TLS Certificate Contexts). |
| 2. | In the table, select the required TLS Context, and then click the Trusted Root Certificates link located below the table; the Trusted Certificates table appears. |
| 3. | Click the Import button, and then browse to and select the certificate file. |
| 4. | Click OK; the certificate is loaded to the device and listed in the Trusted Certificates store. |
You can also do the following with certificates that are in the Trusted Certificates store:
| ■ | Delete certificates: Select the required certificate, click Remove, and then in the Remove Certificate dialog box, click Remove. |
| ■ | Save certificates to a folder on your PC: Select the required certificate, click Export, and then in the Export Certificate dialog box, browse to the folder on your PC where you want to save the file and click Export. |