Importing intermediate CAs
An intermediate CA store is for the intermediate CA certificates that back-end servers would normally use to complete the chain of server certificates, if any. HTTPS transactions use intermediate CAs when the server certificate is signed by an intermediate certificate authority (CA) rather than a root CA.
In FortiADC, a root CA can be imported as an "intermediate CA".
Before you begin, you must:
- Have Read-Write permission for System settings.
- Know the URL of an SCEP server or have downloaded the certificate and key files and be able to browse to them so that you can upload them.
To import an intermediate CA:
- Go to System > Certificate > Manage Certificates.
- Click the Intermediate CA tab.
- Click Import to display the configuration editor.
- Complete the configuration as described in Intermediate CA import configuration.
- Click Save when done.
- Repeat Steps 3 through 5 to import as many intermediate CAs as needed.
|Certificate Name||Configuration name. Valid characters are
|SCEP URL||Specify the URL of the SCEP Server.|
|CA Identifier||Enter the identifier of the CA on the SCEP server, if applicable.|
|Certificate File||Browse for and upload the the certificate file on the local machine.|
Browse for the corresponding PEM key file that you want to upload.
Note: Both a certificate file and key file are required for the intermediate CA used in SSL decryption by the forward proxy.
|Password||Password to encrypt the files in local storage.|