Trusted Certificates are available in the Control Panel.
Here you can upload additional trusted CA certificates that are needed in case you use your own PKI infrastructure. They are used to validate SMTP server certificates and alert notification hooks - should they use SSL.
CA certificates in the Mozilla CA list (i.e Firefox) and Linux distributions' default trusted CA lists are trusted by default and are not listed here. Only CA certificates that have the Basic Constraint: ca = true flag set can be uploaded, therefore end certificates are not accepted, with the exception of self-signed certificates.
Required format is X.509 certificate in PEM or DER format. Usually they have the extension of .crt, .cert, .cer, .pem. The PEM encoded file starts with “-----BEGIN CERTIFICATE-----”.