System Manager can act as a certificate authority similar to VeriSign and Symantec. Many adopters, such as Communication Manager, Session Manager, and Presence, already use certificates issued by System Manager.

For fresh installations, all Identity Certificates, including SIP and HTTPS, are issued by the System Manager CA. You must install the System Manager trusted root certificates on endpoints that communicate with Session Manager over TLS for the endpoints to trust the Session Manager identity certificate.

Use this checklist for using the Identity Certificates issued by the System Manager.

#	Action	Link
1	Export the System Manager CA.	Exporting the System Manager CA.
2	Add the Root Certificate of the System Manager to Communication Manager.	Adding the System Manager CA to Communication Manager.
3	Add System Manager Root Certificate to 96xx phones.	Adding the System Manager Root Certificate to 96XX phones.
4	Add the System Manager Root Certificate to any other SIP connections, such as CS1K and Radvision.
5	Replace the Session Manager SIP and HTTP Identity Certificates. Note: You must perform this step for all Session Manager and Branch Session Manager servers.	Installing Enhanced Validation Certificates on Session Manager.
6	Remove the SIP CA Root Certificate from all trust lists, such as Communication Manager and phones.	Other Session Manager servers administered under the same System Manager will already trust the new Identity Certificate. Removing trusted certificates.