Importing an external root authority

See below for how to import a root certificate authority that has been created outside PKIaaS.

To import an external root CA:

1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:

   • Owners
   • CA Administrators

2. Click Certificate Authorities in the sidebar.

   

3. Click Add and select Certificate Authority.

4. Select External Root Authority.

   

5. Click Add and complete the following values.

   • CA Identifier
   • Friendly Name
   • Signing Key Details

6. Click Create.

7. Check the details of the created CA — for example, the Serial Number of the Certificate Signing Certificate.

CA Identifier

Write a unique identifier for the new CA in your PKI hierarchy. This identifier:

• Must contain 2-18 characters
• Can only include lowercase letters, numbers, hyphens (’-’), and underscores (’_')

ℹ After deleting a CA, wait 24 hours before creating a CA with the same identifier.

Friendly Name

Write a descriptive name for the CA in your PKIaaS partition.

Root CA Certificate

Click Choose File amd select the file containing the Certificate Signing Certificate of the external CA.