1. Click Security and then go to Certificates > Trusted Certificate Groups.
  2. Click + Add Trusted Certificate Group.
  3. Drag a certificate into the box that appears.
  4. In the Name field, enter a name for the group.
  5. To set the new group to include the Java Trust Store group, select the Use Java Trust Store check box..

    Select this option if you create your own intermediate certificate authority (CA) certificate that is signed by a well-known CA in the Java Trust Store.

  6. To allow PingAccess to ignore date-related errors for certificates that are not yet valid or have expired, select the Skip certificate date check checkbox.
  7. To check the client certificate revocation status using certificate revocation list (CRL), select the Enable CRL checking check box .
  8. To check the client certificate revocation status using Online Certificate Status Protocol (OCSP), select the Enable OCSP check box.

    If both CRL checking and OCSP are enabled, OCSP checking is used preferentially, and CRL checking is used if OCSP fails.

  9. To deny access when any certificate in the certificate chain cannot be verified using its CRL endpoint, select the Deny revocation status unknown checkbox.
  10. Click Add.
  11. Optional: Add additional certificates to the new trusted certificate group by dragging them into the group.