Certificate Management

Certificate management is handled by a service available to client applications that need to validate certificates and private keys for operations such as VPN access, Wi-Fi access, and SSL webpage access.


The certificate manager service (certmgr_pps) provides a centralized service that offers certificate and private key-related operations to services and applications, such as S/MIME, VPN, Wi-Fi and the web browser. In this QNX CAR release, certificate management is used only by the web browser for authenticating SSL website certificates.

Adding a certificate

Certificates are stored at /var/certmgr. This directory includes subdirectories for the various services and applications that require certification management. Each sub-directory contains user_trusted directory sub-directories with the trusted certificates. For example: /var/certmgr/web/user_trusted/.

PPS objects

The certification manager uses the following PPS object: /pps/services/certmgr/control. With the current release, this object is used only for QNX CAR internal communications; third-party applications don't need to publish or subscribe to it.

Browser behavior

The images below show how the browser displays information about certificates to the user.

Figure 1. The browser on a page with an authenticated certificate. To the left of the URL, the blue lock icon indicates that the certificate manager authenticated the page's certificate.
Figure 2. The warning shown by the browser when it encounters a website whose certificate it can't authenticate.
Figure 3. The browser inteface that allows the user to choose to allow a webpage with an unauthenticated certificate to load.
Figure 4. A webpage with an unauthenticated certificate. To the left of the URL, the red exclamation mark indicates that the certificate manager couldn't authenticate the page's certificate.