CA Certificates
CA Certificates are digital credentials used to verify the identity of remote systems by validating the TLS Certificates they present.
For more information on where and how CA Certificates are used, refer to How USP Uses Certificates.
CA Certificate Administration via USP Admin UI
Adding a CA Certificate
To add a CA Certificate, follow these steps:
- From the Sidebar, click Authentication > Certificates.
- Click CA Certificates.
- Click Add CA Certificate.
- Complete the details for the new CA Certificate using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the CA Certificate. |
| Yes |
| Description | The description of the CA Certificate. | No | |
| Certificate | The CA Certificate content. | Must be in PEM format. | Yes |
Editing a CA Certificate
To edit a CA Certificate, follow these steps:
- From the Sidebar, click Authentication > Keys.
- Click CA Certificates.
- Click the row of the CA Certificate you want to edit.
- Click the Edit button above the CA Certificate details.
- Edit the details of the CA Certificate using the Field Descriptions table as a guide.
- Click Save.
If you modify a CA Certificate that is currently in use by a USP Server instance, the changes will not take effect until you manually apply the updated configuration by pushing it to the server. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Updated Configuration column.
- If the changes are correct, click Push Configuration.
CA Certificate Metadata
CA Certificate details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| ID | Universally Unique Identifier of this CA Certificate. |
| Enabled | A Boolean value indicating the status of the CA Certificate. The only possible value is true. |
| Certificate | The CA Certificate content. |
| Created At | Date and time this CA Certificate was created. |
| Updated At | Date and time this CA Certificate was last updated. |
Deleting a CA Certificate
To delete a CA Certificate, follow these steps:
- From the Sidebar, click Authentication > Keys.
- Click CA Certificates.
- Click the row of the CA Certificate you want to delete.
- Click the Delete button above the CA Certificate details.
- You will be asked to confirm the deletion. Click Delete.
USP Manager prevents deletion of a CA Certificate if it is currently referenced by a Configuration Item.
Additionally, if the CA Certificate is used by a USP Server instance, the updated configuration must be manually applied. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Candidate Configuration - Preview section.
- If the changes are correct, click Push Configuration.
The changes do not take effect on the server until this step is completed.