IMPORTANT: The list of certificate authorities is vital for the SSL Scanner feature. It controls whether a certificate authority is trusted or not. Because the SSL Scanner feature causes the browser internal certificate authority lists to no longer be recognized, the list on SWG must be recent. We also recommend that an administrator validate the list entries. Then, you can make sure that the listed certificate authorities are ones that your company trusts.

The Trellix Online Rule Set Library contains rule sets that help to update the list. You can decide whether you want to manually update the list from time to time, automatically update the list, or maintain the list on your own.

Manually Update or Maintain the List
Follow the documentation attached to the Updated Certificate Authorities rule set to learn how to manually update your list to the latest version.

After you finish updating the list, you can maintain the list manually. If you want to perform another update to a newer version later, follow the instructions again.

Automatically Update the List
If you don't want to manage the list of certificate authorities, you can accept our recommended defaults. To create a subscribed list where the content is supplied by us, see KB83780 - How to create a McAfee maintained known Certificate Authority list.