Importing an external root CA

Instead of Creating a root CA in PKIaaS, you can import an existing root CA.

To import an external root CA:

1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:

   • Owners
   • CA Administrators

2. Click Certificate Authorities in the sidebar.

   

3. Click ADD in the Certificate Authorities tab.

4. Select External Root Authority in the CA Type list.

   

5. Complete the following values.

   • CA Identifier
   • Friendly Name
   • Root CA Certificate

6. Click Create.

7. Check the details of the created CA.

CA Identifier

Write a unique identifier for the new CA in your PKI hierarchy. This identifier:

• Must be 2-18 characters long
• Can only include lowercase letters, numbers, hyphens (’-’), and underscores (’_')

ℹ After deleting a CA, wait 24 hours before creating a CA with the same identifier.

Friendly Name

Write a descriptive name for the CA in your PKIaaS partition.

Root CA Certificate

Click Choose File and select the file containing the Certificate Signing Certificate of the external CA.