About creating and configuring trust stores

Because certificate trust stores contain trust bundles, it's a good idea to create your certificate trust bundles first. Then you can create and configure a trust store and assign one or more of those bundles to it.

Certificate trust bundles can be assigned to all trust stores of the same type (e.g., PEM, CAPI, or JKS). Anytime you install a trust store of a particular type on a device, all of the whitelisted and blacklisted certificates are already specified.

If you're not quite sure how to create trust bundles, see Creating a certificate trust bundle.

After you've created device objects, select your device, then add and configure one or more trust stores. You can assign an unlimited number of trust stores to a single device, and the trust stores can be of the same type (e.g., PEM, JKS, and CAPI).

Regardless of the type of trust store you create, the steps to create a trust store are mostly the same; however, each trust store type includes some unique settings.

  1. In the Policy tree, right-click a device.
  2. Click Add > Trust Store, and then select the type of trust store you want to add.

  3. Under General, in the Certificate Trust Store Name box, type a name for your new trust store, and then add an optional description.

    A strong description can be useful in helping other administrators better understand the purpose of your new object (such as certificates, jobs, credentials, devices, trust stores, etc.), or to remind yourself later why you created it.

  4. If the policy that governs this device allows it, add the appropriate certificate trust bundles.
