Adding trusted root certificates

Trusted root certificates allow web servers to accept certificates from connecting clients that chain to those trusted roots. Trusted root certificates are also useful for automatically completing partial certificate chains presented by CAs.

About this task

You create Trusted Root documents in the Trusted Roots view of certstore.nsf to store the trusted root certificates and then select them when you generate TLS certificates.

Note: Let's Encrypt trusted roots for both the Production and Staging environments are included in certstore.nsf and are added automatically to TLS certificates that are generated by the Let's Encrypt CA.

To add a trusted root certificate:

Procedure

  1. Open certstore.nsf.
  2. Select the Trusted Roots view.
    Note: You can use the Usage categories field to define how the trusted root will be used. When Restrict use to category is selected, choosing a category from the list limits the use of the trusted root to that category.
  3. Click Add Trusted Root.
  4. Copy the certificate to the clipboard and then click Paste Certificate.
  5. Click Submit Request to add the trusted root certificate to the Trusted Roots view.
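A Trusted Root document is a trust anchor, so it is worth checking the PEM file before copying it to the clipboard in step 4. The script below is an added example, not part of the product documentation; it assumes the OpenSSL command-line tool is installed and that the CA's SHA-256 fingerprint was obtained through a separate channel, and `check_root` and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example: vet a PEM file before pasting it into a Trusted Root document.
# Usage: check_root FILE EXPECTED_SHA256_FINGERPRINT
check_root() {
    pem=$1
    expected=$2

    # The paste must be exactly one certificate and must not carry a private key.
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null)" -eq 1 ] 2>/dev/null ||
        { echo "FAIL: expected exactly one certificate block" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$pem"; then
        echo "FAIL: file contains a private key" >&2; return 1
    fi

    # A root is self-issued: subject and issuer names are identical.
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253) || return 1
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253) || return 1
    [ "${subject#subject=}" = "${issuer#issuer=}" ] ||
        { echo "FAIL: not self-issued (intermediate or leaf?)" >&2; return 1; }

    # The self-signature must verify with the certificate's own public key.
    openssl verify -check_ss_sig -CAfile "$pem" "$pem" >/dev/null 2>&1 ||
        { echo "FAIL: self-signature does not verify" >&2; return 1; }

    # It must be marked as a CA and must not have expired.
    openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints CA:TRUE missing" >&2; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 1; }

    # Compare with the out-of-band fingerprint, ignoring case, colons and spaces.
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1
    actual=$(printf '%s' "${actual#*=}" | tr -d ':' | tr 'a-f' 'A-F')
    wanted=$(printf '%s' "$expected" | tr -d ': ' | tr 'a-f' 'A-F')
    [ "$actual" = "$wanted" ] ||
        { echo "FAIL: fingerprint $actual does not match" >&2; return 1; }

    echo "OK: $subject"
}
```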

What to do next

When you request a TLS certificate, select the Security/Keys tab of the TLS Credentials document. In the Trusted Roots field, select the trusted root certificate you added.

You can also add a trusted root certificate to an existing TLS Credentials document. The trusted root certificate is in effect right away.