Importing a Custom Certificate Authority List

You can create a custom list of trusted certificate authorities and import it onto the appliance. The file must be in the PEM format and include certificates for the certificate authorities that you want the appliance to trust.

Procedure

Step 1

Click Network > Certificate.

Step 2

Click Edit Settings.

Step 3

Choose the Enable radio button.

Step 4

Click Choose File in Custom List.

Step 5

Browse to the location where the certificate resides, and click Ok.

Step 6

[Optional] Select the FQDN Validation check box to allow the email gateway to check whether the 'Common Name', 'SAN: DNS Name' fields, or both present in the certificate, are in the FQDN format.

Step 7

Click Submit.

Note
Below checks will done on CA import,

  • Expiry

    Certificate Expiry Alert: You will receive an alert for certificate expiry of custom CA certificates. The alerts are logged in the system_logs, and an alert mail is sent when the existing or newly added custom CA certificate is about to expire in 90 days. The intervals for sending alerts are scheduled for 90, 60, 30, 15, 5, 4, 3, 2, and 1 day(s) before expiry, as well as on the expiration day, and after it expires.

  • Duplication

  • CA flag is present and Set to "True"

  • Root Certificate Authority is present if importing Intermediate Certificate Authority is imported.