See below for adding an external root Certificate Authority (CA) – that is, a root Certificate Authority created outside the Certificate Authority solution.

To add an external root Certificate Authority

1. Open the following URL in a Web browser. 

   https://<machine>/management-console

   Where <machine> is the IP address or domain name of the machine hosting Cryptographic Security Platform.

2. Log in to the Management Console as one of the users created in Creating Certificate Authority tenants. This user will be the tenant of the new root external Certificate Authority.
3. In the content pane, click Manage Solution under Certificate Authority (CA).
   
4. Select Operations in the sidebar.
   
5. Select an organization under Organizations list. 

   See Managing organizations for how to create or join an organization.

6. Click New under Certificate Authority.
7. Configure the following settings. 
   • CA Type
   • CA Identifier
   • Friendly Name
   • Self-Signed Root Certificate
8. Click Submit to create the new Certificate Authority.

CA Type

Click ​External Root Certificate Authority.

Mandatory: Yes.

CA Identifier

Type a unique identifier for the new Certificate Authority within its organization. This identifier:

• Must be 3-18 characters long.
• Can only include lowercase letters, numbers, underscores ("_"), and hyphens ("-").

Mandatory: Yes.

Friendly Name

A friendly name for the new Certificate Authority in the user interface.

Mandatory: No. This optional value defaults to the one assigned to the CA Identifier field.

Self-Signed Root Certificate

Paste the PEM-encoded certificate signing certificate of the external CA – for example:

Mandatory: Yes.