Add a new certificate from a trusted Certificate Authority. If more than one CA is included in the PKI profile then, a client’s certificate must match with one of them to be considered as valid.
A client’s certificate must match the CA as the root of the chain. If the presented certificate has an intermediate chain then, each link in the chain must be included here.
Enable Ignore Peer Chain to ignore intermediate validation checking.
For more information on configuring CA in a PKI Profile, see Creating PKI Application Profile.