Title: Using the Trust Manager

The Trust Manager is the interface that lets you manage private keys and X.509 certificates in Traction.

Traction uses a private key for HTTPS encryption (see How HTTPS Works).

X.509 certificates are used for:

Links to the Trust Manager appear where they are relevant in Traction: for example, in Server Setup | Network when TLS encryption is enabled, in the User Directory editor, in the mail server configuration interfaces, and in failed mail tests.

All of these links launch the Manage Trust Store window. This window is the interface to the Trust Manager.

Instructions for managing private keys are provided in the Setting up HTTPS section; instructions for trusting Certification Authorities are provided in the Enabling HTTPS with Required X.509 Client Certificates section. Instructions for using the Trust Manager with other servers, e.g. email servers, are provided here.

Do You Already Know the Certificate You Want to Trust?

If you're a professional system administrator, you may have copies of the certificates for your mail and LDAP servers handy. If so, the Trusted Server Certificates section of the Trust Manager lets you quickly import and manage the certificates.

Importing Certificates

To import a certificate, click the Browse button to locate the .PEM or .CER file on your system, type an alias for it, and press the Add button.
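
Before adding a certificate file as trusted, it is worth confirming that it is the one the server's administrator issued. The following is an added example, not part of Traction or its documentation: it computes the SHA-256 fingerprint of a .PEM or .CER file and compares it with a fingerprint obtained through a separate channel. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def certs_to_der(data: bytes) -> list[bytes]:
    """Return the DER bytes of each certificate in a .PEM or .CER file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return [base64.b64decode(b"".join(b.split())) for b in blocks]
    return [data]  # no PEM armour: treat the file as one raw DER certificate


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalise(fp: str) -> str:
    """Drop colons and spaces and lowercase, so 'AB:CD' equals 'abcd'."""
    return re.sub(r"[^0-9a-fA-F]", "", fp).lower()


def matches_expected(data: bytes, expected_fp: str) -> bool:
    """True only if the file holds exactly one certificate and its
    fingerprint equals the value obtained out of band."""
    ders = certs_to_der(data)
    if len(ders) != 1:
        return False  # a bundle needs each entry reviewed on its own
    return fingerprint(ders[0]) == normalise(expected_fp)


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes.fromhex("3082010a") + b"constructed-sample-not-a-real-cert"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print("SHA-256 fingerprint:", fp)
    print("matches expected value:", matches_expected(SAMPLE_PEM, fp.upper()))
```

In practice, read the file with `open(path, "rb").read()` and pass the fingerprint the administrator gave you as `expected_fp`.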

Removing Certificates

To remove a certificate, select it in the list of certificates, and press the Remove button.

Letting Traction Capture the Certificate for Your Review

When you try an operation in Traction that requires that you trust a certificate that you have not yet added to your list of trusted certificates, Traction will report an error message and present you with a link to the Trust Manager's Untrusted Certificates page.

For example, you may be testing a mail server configured with STARTTLS. You have entered all the mail settings correctly, but the Test SMTP operation returns an error and a link to the Trust Manager:

If you get this type of error, click the link to launch the Trust Manager.

The certificate presented by the server you just contacted will be listed (along with any other certificates from other attempts).

From here, you can select the certificate for the server(s) that you wish to trust and click the Add to Trusted Certificates button. When you do this, the certificate will disappear from this list and be added to the list of certificates in the Trusted Certificates section.

If you switch to the Trusted Certificates section, you will see the certificate you just added listed.

If you repeat the test (whether contacting a mail or LDAP server), it should now succeed without error.

Article: Doc193
Date: March 22, 2008; 4:11:24 PM Eastern Daylight Time

Author Name: Documentation Importer
Author ID: importer