Certificate Authorities (CAs)

CAs define the Certificate Authorities that are available to sign certificates. A CA can be self-signed or have another CA as its root.

1. View CAs

Available CAs can be viewed and searched for in the CAs / Show tab. There is also a filter that an admin can use to view only the archived CAs. This filter can be triggered by pressing the Show Archived button in the Actions dropdown list.

2. Create CA

Default CAs are created automatically.

3. Import CA

External CAs can be imported in the CAs / Show tab by clicking the Import button. After selecting the PEM file that contains the CA certificates, a summary of those CA certificates is displayed and the user can then complete or cancel the import.
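As an added example (not part of this product or its documentation), the following standard-library Python script performs a comparable review of a PEM bundle outside the UI before import: it fingerprints each certificate and reports whether it is self-issued or issued by another CA, the two cases described in the introduction. The function names and the sample bundle are constructed for illustration; the sample holds skeletal DER structures, not valid signed certificates.

```python
import base64, hashlib, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off):
    """Decode one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def names(der):
    """Return the raw DER (issuer, subject) Name fields of one certificate."""
    _, pos, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, pos)  # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields[0][0] == 0xA0:              # optional explicit [0] version
        fields.pop(0)
    # remaining order: serial, signature alg, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def review(pem_text):
    """Summarize every CERTIFICATE block in a PEM bundle before import."""
    ders = [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(pem_text)]
    pairs = [names(d) for d in ders]
    subjects = {s for _, s in pairs}
    # self_issued compares names only; the signature is not verified here
    return [{"sha256": hashlib.sha256(d).hexdigest(), "self_issued": i == s,
             "issuer_in_bundle": i in subjects} for d, (i, s) in zip(ders, pairs)]

# --- constructed sample: skeletal DER with only the fields the parser reads ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the sample

def sample(issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

BUNDLE = sample("Example Root", "Example Root") + sample("Example Root", "Example Sub") + sample("Absent Root", "Orphan Sub")
```

Compare each reported SHA-256 fingerprint with the value published by the CA's owner before completing the import; an entry whose issuer is not in the bundle depends on a root that has to be obtained separately.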

4. Modify CA

A user can modify a CA from the CAs / Show tab. Pressing the CA’s ID there redirects the user to the CA Details page, where an Edit button starts the Edit functionality. Pressing Cancel returns the CA values to the original ones, while pressing Save updates the CA. More specifically, a CA can be modified to allow or restrict the Verify Servers option, which defines whether a CA can be used to verify a server.

5. Archive CA

A user can archive or unarchive a CA from the CAs / Show tab. Pressing the CA’s ID there redirects the user to the CA Details page, where pressing the Archive or Unarchive button archives or unarchives the CA accordingly. Batch Archive and Batch Undo-Archive actions are also supported: select the checkboxes of the desired CAs and choose the Archive All Selected or Undo-Archive All Selected button in the Actions dropdown. For a CA to be archived, it must not be linked with any certificate (not even revoked or archived certificates) and must not be the root of any other CA. Archived CAs cannot be used for new operations.

6. Delete CA

A user can delete an archived CA through the CA page, the Show CA Table or the Administration/Archived Data Removal tab. In the CA page, a Delete button appears after the entity is archived. In the Show CA Table, pressing Actions→Show Archived shows the archived entities; there the CAs can be selected and deleted through Actions→Delete all selected. Furthermore, the user can delete one CA at a time by pressing the row actions button and then Delete CA. Finally, in the Administration/Archived Data Removal tab, choose CAs in the Choose entity to delete dropdown. As an extra safeguard, the archived records to be deleted can be restricted by the date on which they were archived: in the Choose date calendar, select the date before which the records must have been archived in order to be deleted by this action, and press Delete. Only archived realms can be deleted.

7. Download CA Certificate

A user can download the CA’s certificate by using the Download Certificate button of the selected CA in the CAs / Table page table or by using the button in the CA Details page.