
Prerequisites

Review the following requirements before importing trust anchor certificates:

  • The certificate can't be expired.

  • The certificate Key Usage field must include digitalSignature.

  • The certificate CRL Distribution Points (CDP) extension must contain a CRL URL. The certificate can't be revoked when the revocation status is checked via the corresponding CRL.

  • The certificate Authority Information Access (AIA) extension must contain an OCSP URL. The certificate can't be revoked when revocation status is checked via the corresponding OCSP responder.

  • For root CAs, the certificate must be self-signed.

  • Public certificates must not use SHA1 hash algorithms for the signature.

    Note

    Private certificates may use SHA1 hash algorithms for the signature.
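The prerequisites above can be checked offline before an import. The Go program below is an added example, not code from the product this page documents; `Preflight`, `SampleRoot`, the `isRoot`/`isPublic` flags and the example URLs are assumptions. It inspects only the certificate's fields and does not contact the CRL or OCSP endpoints, so revocation status itself is not verified.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Preflight lists the prerequisites c fails, offline only (CRL/OCSP are not queried); isRoot/isPublic are assumed inputs.
func Preflight(c *x509.Certificate, isRoot, isPublic bool, now time.Time) (fails []string) {
	add := func(bad bool, msg string) {
		if bad {
			fails = append(fails, msg)
		}
	}
	alg := c.SignatureAlgorithm
	sha1 := alg == x509.SHA1WithRSA || alg == x509.DSAWithSHA1 || alg == x509.ECDSAWithSHA1
	// Current Go refuses to verify SHA1 signatures, so for those only issuer == subject is compared.
	sigOK := sha1 || c.CheckSignature(alg, c.RawTBSCertificate, c.Signature) == nil
	add(now.After(c.NotAfter), "expired")
	add(c.KeyUsage&x509.KeyUsageDigitalSignature == 0, "Key Usage lacks digitalSignature")
	add(len(c.CRLDistributionPoints) == 0, "no CRL URL in CRL Distribution Points")
	add(len(c.OCSPServer) == 0, "no OCSP URL in Authority Information Access")
	add(isRoot && !(sigOK && bytes.Equal(c.RawIssuer, c.RawSubject)), "root CA is not self-signed")
	add(isPublic && sha1, "public certificate signed with SHA1")
	return fails
}

// SampleRoot builds a constructed self-signed root with placeholder names (errors ignored: inputs are fixed).
func SampleRoot(ku x509.KeyUsage, crl, ocsp []string, notAfter time.Time) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root"},
		NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter, KeyUsage: ku,
		IsCA: true, BasicConstraintsValid: true, CRLDistributionPoints: crl, OCSPServer: ocsp}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() {
	now, ku := time.Now(), x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature
	good := SampleRoot(ku, []string{"http://crl.example/root.crl"}, []string{"http://ocsp.example"}, now.Add(time.Hour))
	bad := SampleRoot(x509.KeyUsageCertSign, nil, nil, now.Add(-time.Hour))
	fmt.Println(Preflight(good, true, true, now), Preflight(bad, true, true, now))
}
```

An empty result means the certificate passes every field-level prerequisite; each returned string names one that it fails.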

Required permissions

Review the following table to understand the permission or role required to manage trust anchor certificates for a particular user type:

User type

Permission

Account user

This user type must contain the following permission or role:

  • Manage certificate hierarchy permission

  • Lead role

  • Team Lead role

System user

This user type must contain the following permission or role: