In order to validate certificates, PKI Services Manager must have access to at least one trust anchor and may also require access to additional, intermediate certificates. One available option for storing both trust anchors and intermediate certificates is the PKI Services Manager local store. The default store location is:
Windows: common application data folder\Attachmate\ReflectionPKI\local-store
You can modify this location and/or add additional stores. To do this from the console, use the Local Store pane. In the pki_config file, use the LocalStore keyword.
The trust anchor must be located on the computer running PKI Services Manager. PKI Services Manager can retrieve trust anchors from:
After your trust anchors are installed on the PKI Services Manager host, you must explicitly specify which trust anchors you want PKI Services Manager to use for certificate validation. PKI Services Manager cannot validate any certificate until the correct trust anchor for that certificate has been added to this list. To configure trust anchors from the console, use the Trusted Chain pane. To configure trust anchors using the pki_config file, use the TrustAnchor keyword.
Depending on your configuration, PKI Services Manager can retrieve intermediate certificates from one or more of the following:
To configure which locations PKI Services Manager searches from the console, use Trusted Chain pane. In the pki_config file, use the CertSearchOrder and CertServers keywords.