View a CA set

If you have already created at least one CA set, the Mutual TLS Edge Truststore UI displays the ones with recently added versions or activated versions first. You can search for any CA set by its name.

To view the details of the existing CA sets:

1. Under CA certificate sets, select the CA set.
   
   

   📘

   Expired and soon to expire certificates

   Notifications about expired certificates (highlighted red) and certificates due to expire in the next 90 days (highlighted yellow) are listed in the CA certificate sets section. These notifications include information about the CA sets they belong to as well as the certificates’ number, name, and the network they're activated on. To view the details, hover over the notifications.

   Account administrators receive incremental notifications for certificates due to expire. For details see, Certificate expiration notifications.

2. On the right, you can view the CA set details:
   • Description you provided during creation
   • CA set id
   • Creation date and time
   • Network information including active version and pending activity
   • List of CA set versions appear on the Versions tab (see Create a CA set version and add certificates)
   • List of CPS certificate slots linked to a CA set and deployment status appear on the Slots tab (see Link or unlink CPS certificate slots in a CA set)
   • List of activities performed on the CA set appear on the History tab

📘

Viewing deleted CA sets

The list also includes deleted CA sets. If you delete a CA set it becomes read-only, which means you can no longer perform any operations on it but you can access the history of its activities.

Create a CA set version

See Create a new version and add certificates.

📘

Active CA set versions

New versions can be created as long as the CA set is not deleted. Any active version of the CA set needs to be deactivated before the CA set can be deleted.

To learn about creating a new version of a CA set, navigate to create a CA set section.

Clone a CA set version

Before cloning a CA set version, review Best practices.

To clone a version:

1. View the CA set.
2. Select the CA set version you want to clone.
3. In the Actions menu select Clone.
4. Click Clone to confirm the action.
5. Edit the cloned version.
6. Save version to confirm the changes.

Edit a CA set version

Before modifying a CA set version, review Best practices.

To edit a CA set version:

1. View the CA set.
2. Select the CA set version.
3. In the Actions menu select Edit. The CA set edition window opens.
4. You can:
   • add certificates
   • remove certificates

📘

You can click Review version changes to verify the undertaken action.

5. Click Save version.

Activate a CA set version

See Activate a CA set version on a network.

Compare CA set versions

When you have more than one version of the CA set, you can compare them to track the differences.

To compare the CA set versions:

1. View the CA set whose versions you want to compare.
2. Select and expand the latest CA set version.
3. In the Actions menu select Compare.
4. Select the CA set versions you want to compare.
5. Click Compare.
   • The removed CA certificates are highlighted in red.
   • The added CA certificates are highlighted in green.
6. Click Close.

Deactivate a CA set version

Before deactivating a CA set version, review Best practices.

To deactivate a CA set (along with all its versions and CA certificates):

1. View the CA set you want to deactivate.
2. Select the CA set version.
3. In the Actions menu, select De-activate.
4. Click Deactivate version X on Staging or Deactivate version X on Production or both, if applicable.
5. Click Close to go back to the CA set details view.

Delete a CA set

You can delete a CA set only if it has no active versions on any network. If there are active versions, deactivate them first, then delete the CA set. You can't delete CA set versions.

📘

When you delete the CA set, it's removed from both staging and production networks and marked as deleted. The deleted CA set is rendered as read-only and can’t be reactivated.

To delete a CA set, its versions, and CA certificates:

1. View the CA set you want to remove.
2. Deactivate the CA set version from each network.
3. In the upper right corner, click Delete CA set.
4. Click Submit. The CA set is deactivated from the production and staging networks.

📘

The deleted CA set is still displayed under CA certificate sets and marked as Deleted. You can view the History of the activities performed on this CA set.