Usage Scenario
CAs are responsible for issuing digital certificates. The world-wide trusted CA is called a root CA. The root CA can authorize other CAs as subordinate CAs. The CA identity is described in a trusted-CA file. To ensure communications security, run the trusted-ca load command to load a trusted-CA file.
Prerequisites
The ssl policy command has been used in the system view to create an SSL policy.
Configuration Impact
If a user suffers a loss after the trusted-CA file is loaded, the user can use the file as an evidence to seek legal actions against CA.
Precautions
A maximum of four trusted-CA files can be loaded to an SSL policy.
If the PEM trusted-CA file loaded to an SSL policy is not in X.509v3 format, the system displays a message indicating risks and recommending X.509v3 trusted-CA files. You can also run the display security risk feature ssl command to view the risk message.