Managing the Certificate Database
Chapter 14 Managing CMS Keys and Certificates 485

Changing the Trust Settings of a CA Certificate

Certificate Management System relies on the CA certificates in its certificate database for validating certificates it receives during an SSL-enabled communication. For example, when a Certificate Manager is authenticating a Registration Manager that has sent a certificate signing request, the Certificate Manager checks its certificate database to see whether the CA that has signed the certificate presented by the Registration Manager is included in the database as a trusted CA.

You may need to change the status of a currently trusted CA to untrusted (or vice versa) temporarily or permanently. For example, you may be notified that a CA is experiencing technical difficulty that prevents certificate authentication. By making the CA certificate untrusted, you can prevent entities whose certificates have been signed by that CA from successfully authenticating to Certificate Management System. You can then return the trust option to trusted when the CA notifies you that the problem has been resolved.

If you want to untrust a CA permanently, you should consider removing its certificate from the trust database altogether. For instructions, see “Deleting a Certificate From the Certificate Database” on page 484.

Changing the trust setting changes the trust flag (or bit) in the CA certificate. To change the trust setting of a CA certificate:

1. Log in to the CMS window (see “Logging In to the CMS Window” on page 333).

2. Select the Configuration tab, and then in the right pane, select the Encryption tab.

3. Click Manage Certificate.

   The Certificate Database Management window appears.

   The window lists the certificates currently installed for the selected CMS instance; the list is a table, with each certificate occupying a row.