The Certificate Store contains the certificates that are trusted by the terminal emulator client and the Management and Security Server.
NOTE: When using Clustering, any changes made to the certificate stores (+ IMPORT or DELETE certificates) will be replicated to the other MSS servers in the cluster. You do not need to repeat the process on each MSS server.
Select Terminal Emulator Clients or Management and Security Server to filter the view of trusted certificates.
Clients that make a TLS connection to a host or Security Proxy must trust the host or proxy certificate. This panel presents a list of root certificates trusted by the terminal emulator applet.
The table lists the certificates that have been imported to the terminal emulator applet's trusted list. To view details about the certificate, click the certificate's Friendly name.
With Terminal Emulator Clients selected, click + IMPORT.
Click UPLOAD. Select the file containing the certificate to upload to the MSS Administrative Server.
Enter the Keystore file name, Keystore password, and Friendly name.
Click IMPORT to add the certificate.
Restart the MSS Administrative Server.
See Trusted Root Certificate Authorities (collapsed by default).
This collection of certificates includes CA certificates used to authenticate X.509 clients and to establish other servers as known and trusted to the Management and Security Server. To view details, click the certificate's Friendly name.
This collection is used for the following features:
X.509 with Fallback to LDAP authentication: Add CA certificate(s) needed to authenticate end-user certificates, such as a certificate stored on a smart card.
For these features, certificates are added to establish the other server as known and trusted.
Automated Sign-On for Mainframe: Add certificate(s) to establish trust of a Mainframe host.
Micro Focus Advanced Authentication (MFAA): Add certificate(s) to trust the MFAA host.
Server certificates from other servers should be included in this certificate collection.
With Management and Security Server selected, click + IMPORT.
Click UPLOAD. Select the file containing the certificate to upload to the MSS Administrative Server.
Enter the Keystore file name, Keystore password, and Friendly name.
Click IMPORT to add the certificate.
Restart the MSS Administrative Server.
IMPORTANT: When X.509 with Fallback to LDAP authentication is used in conjunction with other Management and Security Server features that also use the certificates in this collection (such as Automated Sign-On for Mainframe), use caution to ensure that trust is not inadvertently broadened and granted to unintended end-user clients.
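The caution above can be checked against an administrator's own record of the collection. The following is an added example, not part of the product or its documentation: the `Entry` fields, the `audit` function and the sample inventory are all constructed for illustration, and it assumes that a CA certificate in the shared collection can validate any end-user certificate that CA issued.

```python
from dataclasses import dataclass
from datetime import date

# Features the page lists as sharing the Management and Security Server collection.
X509_AUTH = "X.509 with Fallback to LDAP authentication"
SERVER_TRUST = {
    "Automated Sign-On for Mainframe",
    "Micro Focus Advanced Authentication (MFAA)",
}

@dataclass
class Entry:
    friendly_name: str   # as shown in the trusted certificates table
    added_for: str       # feature the import was meant for (admin's own record)
    is_ca: bool          # basicConstraints CA flag, read from the certificate details
    not_after: date      # end of the validity period

def audit(entries, x509_enabled, today):
    """Return (friendly_name, finding) pairs for entries that need review."""
    findings = []
    for e in entries:
        if e.not_after < today:
            findings.append((e.friendly_name, "expired"))
        if e.added_for != X509_AUTH and e.added_for not in SERVER_TRUST:
            findings.append((e.friendly_name, "no documented purpose"))
        elif x509_enabled and e.added_for in SERVER_TRUST and e.is_ca:
            # Assumption: the collection is shared, so a CA imported only to
            # trust a server can also validate end-user certificates it issued.
            findings.append((e.friendly_name, "broadens end-user trust"))
    return findings

# Constructed sample inventory; names and dates are illustrative only.
SAMPLE = [
    Entry("smartcard-issuing-ca", X509_AUTH, True, date(2031, 1, 1)),
    Entry("mainframe-corp-root", "Automated Sign-On for Mainframe", True, date(2030, 6, 30)),
    Entry("mfaa-host", "Micro Focus Advanced Authentication (MFAA)", False, date(2024, 3, 1)),
    Entry("old-test-root", "", True, date(2029, 1, 1)),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, x509_enabled=True, today=date(2025, 1, 1)):
        print(f"{name}: {finding}")
```

An entry flagged as broadening end-user trust is a candidate for replacement with a certificate scoped to the single server it was imported to trust.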
See Trusted Root Certificate Authorities (collapsed by default).
This collection of certificates includes certificates used to establish other servers as known and trusted to the Management and Security Server. To view details, click the certificate's Friendly name.
This collection is used for these features:
Clustering: Add certificate(s) to trust other MSS servers in a cluster.
X.509 authentication for Host Access for the Cloud (HA Cloud): Add session server certificate(s) to establish trust between MSS and HA Cloud.
With Trusted Sub-System selected, click + IMPORT.
Click UPLOAD to select the file containing the certificate to upload to MSS Administrative Server.
Enter the Keystore file name, Keystore password, and Friendly name.
Click IMPORT to add the certificate.
Restart the MSS Administrative Server.
See Trusted Root Certificate Authorities (collapsed by default).
This table is collapsed by default on the Trusted Certificates panel. The table lists the set of commonly used root certificates in Management and Security Server. To view details about a root certificate, click its Friendly Name.
If a trusted CA root certificate expires or is compromised, you may need an update.
NOTE: If certificate changes are needed by Windows-based clients to perform X.509 authentication, you must restart the Management and Security Server for the changes to take effect.