Most certificates for public-facing web sites and services are issued by well-known public certificate authorities. These include, but are not limited to, Symantec, Comodo, GoDaddy, and GlobalSign. Most contemporary web browsers trust a selection of public certificate authorities as well as the intermediate certificate authorities that they have acquired. The CA API Gateway does not implicitly trust these certificates without administrative intervention. This article prescribes the steps necessary to institute this trust. Please note that this capability is non-functional and not available until version 7.0.0 of the CA API Gateway.
The Gateway does not trust the global external certificate authority infrastructure by default.
Subsequent requests to systems, servers, or services using certificates signed by the broad spectrum of public CAs will now be trusted. Please note that this trust relationship can be exploited by malicious users leveraging leaked CA signing keys. While the possibility of this being exploited is low, it is discussed in depth in an online discussion found here. Use caution when enabling this capability in a trusted zone.