Trust Store

The SSL Certificate Enhancement feature in GigaVUE-FM ensures secure communication between GigaVUE-FM and the devices added to GigaVUE-FM. The Trust Store page in GigaVUE-FM enables security by maintaining a list of certificates provided by the devices. To add new devices to GigaVUE-FM and to manage the existing devices, you must add the root CA certificate of the respective devices to the Trust Store.

The Trust Store page lets you toggle between enabling and disabling security:

■   If you enable security, GigaVUE-FM performs the following:
o   Verifies if the root CA certificate of the device is available in GigaVUE-FM.
o   Adds the device only if the certificate is signed by an authorized CA.
o   Verifies the chain of custom certificates, as required.
■   If you disable security, GigaVUE-FM adds the devices without any validation.

IMPORTANT RECOMMENDATION: Prior to adding the certificates to the Trust Store, you must ensure to do the following:

■   Login to the devices and add the private key and certificate of the devices through CLI/Console into each of the devices.
■   Login to GigaVUE-FM and add the private key and certificate of GigaVUE-FM through CLI/Console (into GigaVUE-FM).

Use the crypto CLI command for adding the keys and certificates. Refer to the GigaVUE-OS CLI Reference Guide for detailed information.

To access the Trust Store Page, click and select Certificate > Trust Store.

To add a certificate to GigaVUE-FM:

1.   Click Add on the Trust Store page. The Add Certificate page appears.
2. Enter an Alias for the certificate.
3. Click Choose File to upload the certificate.
4. Click Add.

The certificate is added to the list view.

You can also perform the following operations:

  • Filter: Click the Filter button to filter the records based on the selected criteria.
  • Delete: Click Actions > Delete to delete the selected entry.
  • Export: Click the Export button to export all or only the selected records in CSV or XLSX file format.

Updating Trust Store

With software version 5.12.xx, the default iSSL trust stores have been updated from Mozilla Firefox. Refer to apps inline-ssl in GigaVUE-OS CLI Reference Guide for more information on the commands that update or replace trust store.

If you do not wish to upgrade GigaVUE-OS to the software version 5.12. xx, follow the below instructions on how and where to download the latest Mozilla Firefox trust store, and how to append their additions to override the default trust store during the update.

GigaVUE-OS Version

Customer Trust Store

Gigamon Trust Store (CC*)

with Custom Certificates

Gigamon Trust Store

Prior 5.12.00

No action

Fetch replace trust store.
Fetch append customer's trust store with custom certs
Fetch replace trust store

With 5.12.00

No action

Fetch reset trust store
Fetch reset trust store