Trusted Certificate Authorities

A key component to the X.509 PKI is the certificate authority (CA). By default, FMOS trusts the certificate authorities selected by the Mozilla Foundation. These authorities have undergone an audit and comply with the security policies in the Mozilla CA Certificate Inclusion Policy.

To include additional certificate authorities to the list of CAs trusted by FMOS, use the following command:

fmos pki import-ca mycacert.crt

Software that uses the system trust store, including SIP, will now trust the new CA.

For the change to take effect on an machine running the application server, the service will need to be restarted using the following command:

fmos restart as