A private Certificate Authority (CA) is a CA that is not included in any public trust list in browsers. When someone browses to a website using a certificate from a private CA, they will see a security warning instead of the website. ShadowTrackr will also flag this: your certificate grade will likely be a "T" (trust issues).
You might have a legitimate use case for a private CA. Common examples include a test or staging version of your website and other development environments.
In these cases, the certificate works fine if you add the private CA to your browser's trust store. But ShadowTrackr scans from the outside and doesn't have your private CA in its trust list, so it will report trust issues.
If you want ShadowTrackr to ignore trust issues for a specific CA, go to your Settings page and add the exact name of the issuer. The match is case insensitive. For example, if your certificate is issued by My Company Internal CA, adding that name will tell ShadowTrackr to stop flagging trust issues for any certificate from that issuer.
Once a custom CA is added:
- Certificates from that CA will no longer be flagged for trust issues
- The certificate grade will no longer be penalized for trust problems related to that specific CA
- All other checks (expiry, key strength, protocol support) still apply
- The change applies to all assets in your organization that use certificates from that CA
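The behaviour listed above, as an added example that is not ShadowTrackr's code: an outside scanner ends up with a parsed issuer name and a chain-validation result, and the custom CA list only suppresses the trust finding. The grade letters other than "T", the 30-day expiry window, the helper names and the sample certificates are all constructed for this illustration.

```python
# Added illustration of the custom CA allowlist logic; not ShadowTrackr's code.
# Grades other than "T", the 30-day window and the sample data are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class CertInfo:
    """What an external scanner knows after fetching a site's certificate."""
    subject_cn: str
    issuer_cn: str          # issuer common name as printed in the certificate
    not_after: datetime     # expiry timestamp
    key_bits: int           # RSA modulus size (RSA assumed for simplicity)
    chain_trusted: bool     # did the chain validate against the public trust store?


def normalize_issuer(name: str) -> str:
    """Comparison key: case-insensitive and tolerant of stray whitespace."""
    return " ".join(name.split()).casefold()


def issuer_is_custom_ca(issuer_cn: str, custom_cas) -> bool:
    """True only when the issuer name exactly matches a configured custom CA.
    'My Company Internal CA G2' does not match 'My Company Internal CA'."""
    wanted = {normalize_issuer(n) for n in custom_cas}
    return normalize_issuer(issuer_cn) in wanted


def grade_certificate(cert: CertInfo, custom_cas, now: datetime):
    """Return (grade, findings). "T" marks trust issues as on the page; the other
    letters are a constructed scheme covering the checks that still apply."""
    findings = []
    trust_issue = (not cert.chain_trusted
                   and not issuer_is_custom_ca(cert.issuer_cn, custom_cas))
    if trust_issue:
        findings.append("trust issues: issuer is neither publicly trusted "
                        "nor a configured custom CA")
    # Remaining checks run regardless of whether the issuer was allowlisted.
    if cert.not_after <= now:
        findings.append("expired")
    elif cert.not_after - now < timedelta(days=30):
        findings.append("expires within 30 days")
    if cert.key_bits < 2048:
        findings.append(f"weak key: {cert.key_bits} bits")

    if trust_issue:
        return "T", findings
    if any(f.startswith(("expired", "weak key")) for f in findings):
        return "F", findings
    if findings:
        return "B", findings
    return "A", findings


# Constructed sample data: one organisation, one configured custom CA.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
CUSTOM_CAS = ["My Company Internal CA"]

STAGING = CertInfo("staging.example.com", "my company internal ca",
                   NOW + timedelta(days=200), 2048, chain_trusted=False)
OTHER_INTERNAL = CertInfo("dev.example.com", "My Company Internal CA G2",
                          NOW + timedelta(days=200), 2048, chain_trusted=False)
WEAK_STAGING = CertInfo("old.example.com", "My Company Internal CA",
                        NOW + timedelta(days=200), 1024, chain_trusted=False)

if __name__ == "__main__":
    for cert in (STAGING, OTHER_INTERNAL, WEAK_STAGING):
        grade, findings = grade_certificate(cert, CUSTOM_CAS, NOW)
        print(f"{cert.subject_cn}: {grade} {findings}")
```

Running the block shows the three cases the page describes: the staging certificate from the allowlisted issuer is no longer graded "T" even though its name differs in case from the configured entry, a certificate from a differently named internal CA is still flagged because the match is exact, and the allowlisted issuer does not rescue a certificate with a weak key because the other checks still apply.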
This setting pairs with ShadowTrackr's certificate monitoring. If you're seeing "T" grades in your reports for known internal CAs, adding them here will clean up your overview.