Certification Authorities

Certification Authorities are listed and managed in the Certification Authorities section. If you have multiple Certification Authorities, you can apply a filter to sort them.

note

Note

Certification Authorities and certificates are accessed using the same permissions for the Certificates function. Certificates and authorities created during installation, and those created afterward by the administrator, are contained in the All static group. See the list of permissions for more information on access rights.

Click Actions to manage the selected Certification Authority:

add_new_defaultNew  - Create a new Certification Authority

icon_tags Tags - Edit tags (assign, unassign, create, delete).

delete_default Delete - Delete the selected certification authority

import_default Import Public Key

export_default Export Public Key

move_default Access Group - A certification authority can be moved to another group to become available to users who have sufficient rights for this group.

Filters and layout customization

You can customize the current Web Console screen view:

Manage the side panel and main table.

Add filters and filter presets. You can use tags for filtering the displayed items.

example

Example

How to divide access to certificates and authorities

If Administrator does not want to allow the user John to access ESMC Certification Authorities, but needs him to be able to work with certificates, the administrator has to follow these steps:

1.Create a new Static Group called Certificates.

2.Create new Permission set.

a.Name this permission set Permissions for certificates.

b.Add a group named Certificates in section Static Groups.

c.In the Functionality section, select Write for Certificates.

d.In the Users section, click icon_expand Native Users and select John.

e.Click Finish to save the permission set.

3.Move certificates from the All group to the newly created Certificates group:

a.Navigate to More > Peer Certificates.

b.Select the check boxes checkbox_ok next to the certificates you want to move.

c.Click Actions > move_default Access Group, select the Certificates group and then click OK.

Now, John is able to modify and use moved certificates. However, Certification Authorities are safely stored out of this user's reach. John will not be able even to use existing authorities (from group All) for signing any certificates.