Secure Global Desktop 4.31 Administration Guide > Security > What certificates does Secure Global Desktop support?

What certificates does Secure Global Desktop support?

The Secure Global Desktop supports Base 64-encoded PEM-format X.509 server certificates for use with Secure Global Desktop security services. These have the following structure:

-----BEGIN CERTIFICATE-----
...
certificate
...
-----END CERTIFICATE-----

Secure Global Desktop supports X.509 certificates that have been signed with any of the following Certificate Authority (CA) certificates (root certificates):

Baltimore CyberTrust Code Signing Root
Baltimore CyberTrust Root
Entrust.net CA
Entrust.net Client CA 1
Entrust.net Client CA 2
Entrust.net Server CA 1
Entrust.net Server CA 2
Equifax Secure CA
Equifax Secure eBusiness CA 1
Equifax Secure eBusiness CA 2
Equifax Secure Global eBusiness CA
GeoTrust Global CA
The Go Daddy Group, Inc. Class 2 CA
GTE CyberTrust Root
GTE CyberTrust Global Root
GTE CyberTrust Root 5
Starfield Technologies, Inc. Class 2 CA
Thawte Personal Basic CA
Thawte Personal Freemail CA
Thawte Personal Premium CA
Thawte Premium CA
Thawte Server CA
http://www.valicert.com
VeriSign Class 1 Public Primary CA - G1
VeriSign Class 1 Public Primary CA - G2
VeriSign Class 1 Public Primary CA - G3
VeriSign Class 2 Public Primary CA - G1
VeriSign Class 2 Public Primary CA - G2
VeriSign Class 2 Public Primary CA - G3
VeriSign Class 3 Public Primary CA - G1
VeriSign Class 3 Public Primary CA - G2
VeriSign Class 3 Public Primary CA - G3
VeriSign Class 4 Public Primary CA - G2
VeriSign Class 4 Public Primary CA - G3
VeriSign/RSA Secure Server

You can use an X.509 certificate from any other CA. However, by default all users are prompted to accept or decline these certificates because they cannot be validated by Secure Global Desktop. With additional configuration you can add support for a new CA, so that users are not prompted and certificates are validated.

Note The CAs supported by the Java™ technology client depends on the configuration of the Java Plug-in. By default, the Plug-in is configured to use the certificates in the browser keystore. If the Plug-in is not configured to do this, you may have to import the CA certificate (root certificate) using the Java Control Panel.

Related topics
Obtaining and installing an X.509 certificate How do I support additional Certificate Authorities? User prompts and X.509 certificates Can I use an X.509 certificate for another product with Secure Global Desktop? Sharing web server and Secure Global Desktop server certificates