Managing Certificate Authorities
Note: This topic applies to the Edinburgh Release.

Each network device is given a "certificate" to prove its identity and, in some cases, allow it to issue other certificates.
Certificates contain two parts:
| A Public key which can be safely and securely shared |
| A Private key which is held only by the device to identify it according to the public key |
Certificates that can issue other certificates are known as Certificate Authorities. Certificate Authorities can create and sign for other certificates using their own private keys to verify that the signed certificate is trusted.
When the Smoothwall System’s instant messenger proxy or Guardian module are configured to intercept SSL traffic, certificates must be validated. This is done by checking them against the list of installed Certificate Authorities (CA).
Your Smoothwall System comes installed with open source certificates issued by well-known and trusted external Certificate Authorities.

1. | Go to System > Certificates > Certificate authorities. |
• | Valid indicates that certificate has not expired and can be used |
• | Built-in indicates those certificates that were provided upon installation |
2. | To review a specific certificate, click on its name. |
The certificate opens in a separate tab on the browser.

1. | Go to System > Certificates > Certificate authorities. |
2. | From the Import Certificate Authority certificate section, click Choose File. |
3. | Locate and open the relevant certificate. Note that this must be in PEM format. |
4. | Click Import CA certificate from PEM. |
The Smoothwall System imports the certificate to the bottom of the list.

1. | Go to System > Certificates > Certificate authorities. |
2. | Locate and Mark the relevant certificate. |
3. | Scroll down to the bottom of the page. |
4. | From the Export format drop-down list, select one of the following options: |
• | CA certificate in PEM — Export the certificate in an ASCII (textual) certificate format commonly used by Microsoft operating systems |
• | CA certificate in BIN — Export the certificate in a binary certificate format |
5. | Click Export. |
6. | Save the certificate on suitable medium. |

1. | Go to System > Certificates > Certificate authorities. |
2. | Locate and Mark the relevant certificate. |
3. | Scroll down to the bottom of the page. |
4. | Click Delete. |
Note: If a built-in certificate is deleted, it is moved to a "holding area" rather than removed from the system as it cannot be re-imported if it was deleted by mistake

1. | Go to System > Certificates > Certificate authorities. |
2. | Scroll down to the bottom of the page. |
3. | Click Restore deleted built-in CAs. |
All previously deleted CA certificates are restored to their original location.