Managing certificates

Content Gateway initially populates its trusted certificate store, the Certificate Authority Tree (CA tree) with the list qualified by Mozilla for Firefox (see mozilla.org), by Microsoft for Internet Explorer, and by Apple for Safari. The CA tree appears on the Configure > SSL > Certificates > Certificate Authorities tab in the Content Gateway manager. Content Gateway trusts origin servers that offer these certificates.

In the CA tree, a small “i” appears before the names of certificates that can be validated via certificate revocation lists (CRL) or online certification status protocol (OCSP). Content Gateway checks the revocation status of certificates used for both inbound and outbound traffic. See Keeping revocation information up to date for information about checking the revocation status of a certificate.

To view, delete, or change the allow/deny status of a certificate:

Steps

In the Content Gateway manager, go to the Configure > SSL > Certificates > Certificate Authorities tab.
Select the name of an authority to open a small pop-up window with information about that authority.
Do one of the following:
- To open or download the certificate for review, select Click to view certificate.
  Depending on your browser settings, you may be prompted to open or save the certificate file, or the file may automatically be saved to the browser’s default downloads directory.
- To delete a certificate, select Click to delete certificate, then confirm your choice.
  After deleting the certificate, verify that it no longer appears on the Certificate Authorities tab.
- To allow or deny the certificate, select the Click to change status to option. Depending on the status of the certificate, your choice is allow or deny.
  - If you change the status to deny, a red X appears next to the name of the certificate authority in the certificate authority tree.
  - If you change the status to allow, a green circle appears next to the name of the certificate authority.