Trust Store

The SSL Certificate Enhancement feature in GigaVUE-FM ensures secure communication between GigaVUE-FM and the devices added to GigaVUE-FM. The Trust Store page in GigaVUE-FM enables security by maintaining a list of certificates provided by the devices. To add new devices to GigaVUE-FM and to manage the existing devices, you must add the root CA certificate of the respective devices to the Trust Store.

Click the Enable Secure Access button in the Trust Store page to enable and disable secure access:

■   If you enable security, GigaVUE-FM performs the following:
o   Verifies if the root CA certificate of the device is available in GigaVUE-FM.
o   Adds the device only if the certificate is signed by an authorized CA.
o   Verifies the chain of custom certificates, as required.
■   If you disable security, GigaVUE-FM adds the devices without any validation.

IMPORTANT RECOMMENDATION: Prior to adding the public certificates of the devices to the Trust Store, you must ensure to do the following:

■   Login to the devices and add the private key and certificate of the devices through CLI/Console into each of the devices. Use the cryptoCLI command for adding the keys and certificates. Refer to the GigaVUE-OS CLI Reference Guide for detailed information.
■   Login to GigaVUE-FM CLI and add the private key and certificate of GigaVUE-FM through CLI/Console (into GigaVUE-FM).

Cloud Solution: The GigaVUE-FM communicates with cloud platforms like OpenStack, and Nutanix through an encrypted connection secured by Secure Sockets Layer (SSL). To ensure that SSL certificates provided by these platforms are valid and trusted, you must enable the Trust Store on your GigaVUE-FM and add the certificate of Root Certificate Authority (Root CA) to the Trust Store. This process helps your GigaVUE-FM verify the authenticity and integrity of SSL certificates, ensuring secure data transmission. Any updates to the Trust Store, require a FM process (CMS) restart.

To access the Trust Store Page, click and select Certificates > Trust Store.

To add a certificate to GigaVUE-FM:

1.   Click Add on the Trust Store page. The Add Certificate page appears.
2. Enter an Alias for the certificate.
3. Click Choose File to upload the certificate.
4. Click Add.

The certificate is added to the list view.

You can also perform the following operations:

  • Filter: Click the Filter button to filter the records based on the selected criteria.
  • Delete: Click Actions > Delete to delete the selected entry.
  • Export: Click the Export button to export all or only the selected records in CSV or XLSX file format.

Note:  Revoked certificates can be removed using the delete operation.

Updating Trust Store

With software version 5.12.xx, the default iSSL trust stores have been updated from Mozilla Firefox. Refer to apps inline-ssl in GigaVUE-OS CLI Reference Guide for more information on the commands that update or replace trust store.

If you do not wish to upgrade GigaVUE-OS to the software version 5.12. xx, follow the below instructions on how and where to download the latest Mozilla Firefox trust store, and how to append their additions to override the default trust store during the update.

With software version 6.5.xx, the default iSSL trust stores have been updated automatically.

GigaVUE-OS Version

Customer Trust Store

Gigamon Trust Store (CC*)

with Custom Certificates

Gigamon Trust Store

Prior 5.12.00

No action

Fetch replace trust store.
Fetch append customer's trust store with custom certs
Fetch replace trust store

With 5.12.00

No action

Fetch reset trust store
Fetch reset trust store

With 6.5.00

No action

No action

No action