Creating and managing trust stores

A trust store is a collection of root certificates that are trusted by default and are maintained by the companies that make operating systems and web browsers, such as Apple, Microsoft, Mozilla, and Google. Each has its own standards and requirements for root certificates but they all require an issuing CA to undergo one or more audits before their root certificate is included.

You can configure trust stores—including certificate trust bundle assignments, using a policy, which is the recommended method when you have many trust stores with the same configuration.

Trust Protection Foundation lets you create the following types of trust stores:

• CAPI Trust Store
• Connect:Direct Trust Store
• F5 LTM Advanced Trust Store
• GSK Trust Store
• IBM DataPower Trust Store
• JKS Trust Store
• Palo Alto Networks FW Trust Store
• PEM Trust Store
• PKCS#12 Trust Store

This section explains how to create trust stores. These trust stores can then be added to devices and if you want, provisioned automatically.