Importing an External Certification Authority

1. Log in to the Stream Administration Interface.

2. Go to Certification Authorities > External CAs and click on add_external_ca.

3. You need to provide the X509 CA Certificate, either by pasting it directly into the box or by importing the file. PEM and DER formats are supported. Then click "Next".

4. In the Details tab, check if the details that were parsed from the certificate match those of the CA you wish to import. If it does, click "Next".

5. In the Configuration tab, you can

  • Add a CRL

  • Edit the Refresh period

  • Edit the Timeout timer

  • Configure a proxy

  • Toggle whether the external CA should be trusted for server authentication or client authentication

  • Specify the Outdated Revocation Status Policy

6. You can finally click the "Import" button in the bottom right corner to import your CA.

If everything was ok, you should see your CA marked as external if you go to Certification Authorities > Trust chains:

Stream Trust Chain Menu