Appendix I: Additional PX3TS Information790 If not, you need to find all missing issuer certificates, includingthe root certificate, and upload them to PX3TS.Step 2 -- Find and download the content of missing issuercertificate(s):1. View the name of the issuer (CA) at the bottom. In this example, thisissuer is 'Equifax Secure Certificate Authority'.2. Use the issuer's name 'Equifax Secure Certificate Authority' tosearch for its certificate on the Internet, and then download or copythe content from an authentic source, which is usually its officialwebsite.Important: To prevent the downloaded certificate from beingmodified or manipulated, you must secure the download with TLS viaa trusted certificate.3. As it is found the Equifax Secure Certificate Authority's certificate isself signed by 'Equifax Secure Certificate Authority', which indicatesit is the root CA, there are no more missing certificates to search for.Step 3 -- Upload the missing certificate(s) to PX3TS:1. Paste the root certificate's content into a plain text file that will beuploaded to PX3TS. Content copying must include the lines of "BEGIN CERTIFICATE"and "END CERTIFICATE".2. Save that file as a.pem,.crt or.cer file. In this example, it is namedas "my-root.pem."3. Upload the file "my-root.pem" to PX3TS for using the GMAIL SMTPservice.Note: If your SMTP server requires the upload of a certificate filecomprising multiple certificates, make sure the order of thesecertificates is correct in the file. See What is a Certificate Chain(onpage 783).IMPORTANT NOTE:If your SMTP server provides a full certificate chain, you should besuspicious whether any attacker fakes the certificate chain and doubtwhether the root certificate on that server is authentic. It is STRONGLYrecommended to download the root certificate from an authentic source,which is usually the root CA's website, rather than from the server youwant to connect.
