You are here: Product Documentation > Unified Threat Management > About the System Menu > Managing CA Certificates

Managing Certificate Authorities

Note: This topic applies to the Edinburgh Release.

ClosedWhat is a Certificate?

Each network device is given a "certificate" to prove its identity and, in some cases, allow it to issue other certificates.

Certificates contain two parts:

A Public key which can be safely and securely shared
A Private key which is held only by the device to identify it according to the public key

Certificates that can issue other certificates are known as Certificate Authorities. Certificate Authorities can create and sign for other certificates using their own private keys to verify that the signed certificate is trusted.

When the Smoothwall System’s instant messenger proxy or Guardian module are configured to intercept SSL traffic, certificates must be validated. This is done by checking them against the list of installed Certificate Authorities (CA).

Your Smoothwall System comes installed with open source certificates issued by well-known and trusted external Certificate Authorities.

ClosedReviewing Certificate Authorities
1. Go to System > Certificates > Certificate authorities.

Valid indicates that certificate has not expired and can be used
Built-in indicates those certificates that were provided upon installation
2. To review a specific certificate, click on its name.

The certificate opens in a separate tab on the browser.

ClosedImporting CA Certificates
1. Go to System > Certificates > Certificate authorities.

2. From the Import Certificate Authority certificate section, click Choose File.
3. Locate and open the relevant certificate. Note that this must be in PEM format.
4. Click Import CA certificate from PEM.

The Smoothwall System imports the certificate to the bottom of the list.

ClosedExporting CA Certificates
1. Go to System > Certificates > Certificate authorities.

2. Locate and Mark the relevant certificate.
3. Scroll down to the bottom of the page.
4. From the Export format drop-down list, select one of the following options:
CA certificate in PEM — Export the certificate in an ASCII (textual) certificate format commonly used by Microsoft operating systems
CA certificate in BIN — Export the certificate in a binary certificate format
5. Click Export.
6. Save the certificate on suitable medium.
ClosedDeleting CA Certificates
1. Go to System > Certificates > Certificate authorities.
2. Locate and Mark the relevant certificate.
3. Scroll down to the bottom of the page.
4. Click Delete.

Note: If a built-in certificate is deleted, it is moved to a "holding area" rather than removed from the system as it cannot be re-imported if it was deleted by mistake

ClosedRestoring Deleted Built-in CA Certificates
1. Go to System > Certificates > Certificate authorities.
2. Scroll down to the bottom of the page.
3. Click Restore deleted built-in CAs.

All previously deleted CA certificates are restored to their original location.