@@ -34,6 +34,12 @@ certficate signed by an external CA.
3434 errors) if an incorrect certificate type is used. For example, you can use either a server certificate or a
3535 combined client/server certificate to secure the connection to the web interface, but not a CA or client certificate.
3636
37+ .. warning ::
38+ "Store intermediate" (:menuselection: `System --> Trust --> Settings `) is disabled by default on our setups,
39+ which means none of the intermediates is being deployed in our trust store.
40+ When inserting a new certificate manually which needs an intermediate to validate, you do have to include
41+ the intermediates to prevent validation issues in the gui.
42+
3743
3844---------------------
3945Settings
@@ -46,7 +52,7 @@ For compliance reasons, it is possible to implement certain constraints when a d
4652 **Options ** **Description **
4753===================================== =======================================================================================================================
4854Store intermediate Allow local defined intermediate certificate authorities to be used in the local trust store.
49- We advise to only store root certificates to prevent cross signed ones causing breakage when included
55+ Be careful with deploying intermediate certificats as cross signed ones may causing breakage when included
5056 but expired later in the chain.
5157Store CRL's Store all configured CRL's in the default trust store. If the client or service support CRL's,
5258 deploying to the default location eases maintenance.
@@ -60,6 +66,7 @@ Configuration constraints When enabled, you can set some default cip
6066 Applications are not forced to use a standard context, depending the application, custom constraints may
6167 or may not have any effect.
6268
69+
6370---------------------
6471Revoke certificates
6572---------------------
0 commit comments