Re: How to add trusted CA to SMA?

guibarati · ‎06-06-2019

I need the SMA to trust an internal CA so I can use secure LDAP for end user quarantine access but I can't find anywhere how to add a trusted CA to the SMA database. Is there a way to do it?

Ken Stieers · ‎06-07-2019

I'm pretty sure it's in the CLI, you have to use certconfig to do it...

guibarati · ‎06-09-2019

I don't see an option to configure a new trusted CA on the certconfig option.

Maybe the only option is to use an internal certificate on the SMA and upload the certificate chain?

Ken Stieers · ‎06-09-2019

I'm pretty sure that's what you'll need to do, I can't find good docs on it...

I've already got an enhancement request in for them go to steal the cert management code/UI from the WSA team because they got it right and the SMA cert management is a joke.

Paul Thomas Cyblue · ‎06-21-2019

It's been a while using an internal or odd-ball public cert, but maybe the question should be
- does the SMA have any Trust store / perform any validation.

I generally configure the cert and inter via certconfig.
Not the root.

This has been for internal and public certs.
On the ESAs, I add custom internal roots into its Trust store, but no roots on the SMAs.
Never thought about it, so would guess the SMA is not bothered.