This page describes the process of importing Trusted Root CA Certificates, using either the File Upload or Copy and Paste methods.

Most Certificate Vendors sign the SBC Edge certificate with an intermediate certificate authority.  There is at least one, but there could be several intermediate CAs in the certificate chain. When importing the Trusted Root CA Certificates, be sure to import the root CA certificate and all Intermediate CA certificates.  Failure to import all certificates in the chain causes the import of the SBC Edge certificate to fail.

Importing a Trusted Root CA Certificate

Before you begin: you must obtain a Trusted Root CA Certificate before you can proceed - your options are:

When importing a new certificate, make sure the root certificate is still valid and hasn't expired.

 

  1. In the WebUI, click the Settings tab.

  2. In the left navigation pane, go to Security > SBC Certificates > Trusted CA Certificates.

    Trusted CA Certificate Table

    When the Verify Status field in the Certificate panel indicates Expired or Expiring Soon, the Trusted CA Certificate must be replaced. The old certificate must be deleted before a new certificate can be successfully imported.

    Certificate Panel

To import a Trusted CA Certificate:

  1. Click the Import Trusted CA Certificate () Icon.

    Import Trusted CA Certificate

  2. Select either Copy and Paste or File Upload from the Modemenu.
    1. If you choose File Upload, use the Browse button to find the file.
  3. Click OK.

Verifying the Trusted Root CA Certificate

In the Trusted CA Certificate Table page:

Trusted CA Certificate Table

 

  1. View the certificate's details by clicking the popup() icon next to the entry you want to view.
  2. Under the the Certificate panel, ensure that the Verify Status field indicates OK.
    If the Verify Status field does not indicate OK, repeat the import steps again to obtain a valid certificate.
  • Trusted Root CA certificates with a 4096 RSA Key are supported, but have not been thoroughly tested.
  • Server (SBC Edge) certificates with a 4096 RSA Key are not supported due to the amount of time required to generate a key and process calls.