Each JACE and Supervisor can also serve as a client. Workbench and the browser are always clients. This topic explains how to set up the Trust Stores.
In addition to the above Trust Stores, you may also need to import certificates into the Java Trust Store (). This is only necessary when connecting in a browser with a Workbench profile that uses a Java applet.
If your only recourse is to email a root certificate, use a heavily encrypted ZIP file and communicate the ZIP file password
over the phone. Otherwise, the receiver of the ZIP file has no way to verify that the ZIP contains the expected certificate.You
could also tell the recipient what the MD5 and SHA 1 fingerprints are so they can verify the values before using the certificate.
To see a certificate’s MD5 and SHA 1 fingerprints, select the certificate in the Key Store and click View.
If you are installing a brand new network, certificate transfer can be done in the shop during initial commissioning of a group of JACEs that will be later installed on site (commission the JACEs first and then install the certificates).
Set up the platform and station Trust Stores
The only certificate to import into the Trust Store for each JACE is the root certificate. Server certificates that have been signed by an intermediate certificate carry the intermediate certificate’s information and public key with them.
-
To view the JACE or Supervisor station’s Trust Store using a Foxs connection, click in the Nav tree.
-
Click the Trust Store tab.
-
Click
and locate the root certificate .pem file and click 
.
Certificate Import displays the certificate details.
-
Confirm that this is the certificate you expect and click OK.
The certificate appears in the Trust Store. All servers that have server certificates signed by the private key associated with this certificate will be trusted automatically.
Follow this procedure for each certificate to be trusted by a client platform/station.
Set up the Workbench Trust Store
-
To view the Workbench Trust Store click and click the Trust Store tab.
-
Click
and locate the certificate .pem file and click 
.
Certificate Import displays the certificate details.
-
Confirm that this is the certificate you expect and click OK.
The certificate appears in the Trust Store. All servers that have server certificates signed by the private key associated with this certificate will be trusted automatically.
Follow this procedure for each certificate to by trusted by Workbench.