Trusted Chain Pane

Use the Trusted Chain pane to determine which certificates PKI Services Manager uses to verify the authenticity of certificates presented by authenticating parties.

Trust Anchors

Trusted Anchor

Lists your trust anchors.

Click Add to add a certificate to the list. You can add a certificate from your local store or the Windows certificate store. You can also specify a certificate file that's not in any store.


Click Edit to configure certificate-specific settings for revocation or identity mapping. Certificate-specific settings override the global settings configured using the Revocation and Identity Mapper panes.


Use Clone if you have configured certificate-specific settings and you want to add a new certificate that will use all or most of these settings.

Select the certificate and click Clone. This displays the Add Trust Anchor dialog box, which you can use to add the new certificate. From the Add Trust Anchor dialog box, click Properties to view or modify the cloned settings.

Search order to use when building path to trust anchor

certificate search list

Specifies where PKI Services Manager searches for intermediate certificates. Selected locations are searched in order.

Certificate servers

Certificate servers

Lists servers from which PKI Services Manager can retrieve intermediate certificates. To add a server to the list, select "Certificate servers" under Search order to use when building path to trust anchor, and click Add. You can specify either an HTTP or an LDAP server.