Skip to main content

Trusting the Front-End Root CA (Optional)

If the root-CA in the Key Manager front end server-certificate chain is not a commonly acknowledged CA, and if you require front-end-certificate validation, you will need to manually add the root-CA certificate to the list of trusted CAs in the system.

  1. Gain root-terminal access to the User Portal machine.

  2. Upload the root-CA certificate of the Key Manager front end server-certificate chain to an arbitrary location on the User Portal machine.

  3. Run the following commands to add the root-CA certificate to the list of trusted CAs (replace /path/ to/ca.crt with the path to which you uploaded the root-CA certificate):

    # cp /path/to/ca.crt /etc/pki/ca-trust/source/anchors/
    # update-ca-trust enable
    # update-ca-trust
    note

    In situations where the root-CA certificate of the Key Manager front end server-certificate chain is not trusted by the system, you can still establish successful API connections by setting Verify certificate to no. This setting is described in more detail in Uploading Client Certificates to User Portal.