Importing the DXL CA Certificate (ca.crt) to ePO

Before to connecting DXL clients, the Certificate Authority (CA) that is vouching for the DXL client certificates must be imported to the ePO server.  This certificate information allows DXL clients to mutually authenticate to brokers before a connection between the two is made.

This procedure requires a ca.crt file. For the procedure to create this file, see Generating a Certificate Authority & Key-Pair.

To import the DXL-signed CA certificate to the ePO server . . .

  1. On ePolicy Orchestrator (ePO) server, navigate to Configuration > Server Settings and select the DXL Certificates setting on the left navigation bar.


  2. Click the Edit button in the lower right corner.

  3. Click the Import button in the Client Certificates section.


  4. Select the Certificate (For example, ca.crt) for the Certificate Authority (CA)  and click the OK.
    The imported Certificate Authority (CA) information will propagate to the DXL brokers. This process can take several minutes to complete.