The Certificate Store contains the certificates that are trusted by the terminal emulator client and the Management and Security Server.
Select Terminal Emulator Clients or Management and Security Server to filter the view of trusted certificates.
Clients that make a TLS/SSL connection to a host or Security Proxy must trust the host or proxy certificate. This panel presents a list of root certificates trusted by the terminal emulator applet.
The table lists the certificates that have been imported to the terminal emulator applet's trusted list. To view details about the certificate, click the certificate's Friendly name.
With Terminal Emulator Clients selected, click +Import.
Enter the keystore file name, password, and friendly name.
Note: Make sure the file containing the certificate is on the Administrative Server in this folder:
/var/opt/microfocus/mss/mssdata/certificates
Click Import to add the certificate.
Restart the MSS Administrative Server.
See Trusted Root Certificate Authorities (collapsed by default).
This collection of certificates includes CA certificates used to authenticate X.509 clients and to establish other servers as known and trusted to the Management and Security Server. To view details, click the certificate's Friendly name.
This collection is used for the following features:
X.509 with Fallback to LDAP authentication: Add CA certificate(s) needed to authenticate end-user certificates, such as a certificate stored on a smart card.
For these features, certificates are added to establish the other server as known and trusted.
Automated Sign-On for Mainframe: Add a certificate(s) to establish trust of a Mainframe host.
Replication: Add certificate(s) to trust other MSS servers used in Replication.
Micro Focus Advanced Authentication (MFAA): Add certificate(s) to trust the MFAA host.
Server certificates from other servers should be included in this certificate collection.
With Management and Security Server selected, click +Import.
Enter the keystore file name, password, and friendly name.
Note: Make sure the file containing the certificate is on the Administrative Server in this folder:
/var/opt/microfocus/mss/mssdata/certificates
Click Import to add the certificate.
Restart the MSS Administrative Server.
IMPORTANT:When X.509 with Fallback to LDAP authentication is used in conjunction with other Management and Security Server features that also use the certificates in this collection (such as Automated Sign-On for Mainframe), use caution to ensure that trust is not inadvertently broadened and granted to unintended end-user clients.
See Trusted Root Certificate Authorities (collapsed by default).
This table lists the set of commonly used root certificates in Management and Security Server. To view details about a root certificate, click its Friendly Name.
If a trusted CA root certificate expires or is compromised, you may need an update.
NOTE:If certificate changes are needed by Windows-based clients to perform X.509 authentication, you must restart the Management and Security Server for the changes to take effect.