diff --git a/src/main/java/com/nis/util/Constants.java b/src/main/java/com/nis/util/Constants.java index e72de6877..bf5e9ccab 100644 --- a/src/main/java/com/nis/util/Constants.java +++ b/src/main/java/com/nis/util/Constants.java @@ -697,6 +697,8 @@ public final class Constants { public static final String CERT_FILE_PATH=Configurations.getStringProperty("cert_file_path", ""); //证书校验文件 public static final String CERT_VALIDATE_FILE=Configurations.getStringProperty("cert_validate_file", "x509"); + public static final String CA_CERT_FILE=Configurations.getStringProperty("ca_cert_file", "cacert.sh"); + public static final String CA_CERT_DIR=Configurations.getStringProperty("ca_cert_dir", "cacert"); //证书校验成功关键字 public static final String CERT_VALIDATE_SUCCESS_INFO=Configurations.getStringProperty("cert_validate_success_info", "x509"); /** diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java index 60ab00fb5..6fa831906 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java @@ -292,6 +292,12 @@ public class PxyObjKeyringController extends BaseController { * @throws Exception */ public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception { + boolean delTempFile=true; + //内置可信证书列表不允许删除 + if("-cacert".equals(validateType)) { + delTempFile=false; + } + String os = System.getProperty("os.name").toLowerCase(); if (!os.contains("windows") && file != null) { // 证书文件临时保存路径 
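Review bot: The two new constants carry no comment, unlike CERT_FILE_PATH and CERT_VALIDATE_FILE beside them, and what they name matters: the addBuiltInCert hunk joins `CA_CERT_FILE` into a resource path, runs `chmod +x` on it and executes it, and uses `CA_CERT_DIR` as that script's output directory. Suggested comments: `// script (bare file name under the shell resource dir) that builds the built-in trusted CA list; chmod +x and executed by PxyObjKeyringController` over CA_CERT_FILE and `// output directory of that script, also under the shell resource dir` over CA_CERT_DIR. Since the property value ends up executed, the consumer should reject values containing a path separator so a misconfiguration cannot point it outside the shell directory.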
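Review bot: The new flag is keyed on `"-cacert".equals(validateType)`, but the only new caller, trustedCertBuiltIn in the @@ -746 hunk, passes `"-incacert"`, so delTempFile never becomes false and the validated file is deleted before the cacert script can read it. The retained path is also stored under the key `"certFilePath"` (@@ -342 hunk) while that caller reads `certInfoMap.get("cacert")`; unless lines not shown here copy one into the other, the two sides never meet. Align the literals, e.g. `if ("-incacert".equals(validateType)) {` here and `resultMap.put("cacert", filePath);` in the @@ -342 hunk, or share one constant for both. validCertFileContent's body continues outside the hunk.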
@@ -319,7 +325,7 @@ public class PxyObjKeyringController extends BaseController { // 验证文件 logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath); Map resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath); - + if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) { // 临时文件删除 logger.info("delete file" + filePath); @@ -342,9 +348,14 @@ public class PxyObjKeyringController extends BaseController { return false; } + // 临时文件删除 - logger.info("delete file" + filePath); - FileUtils.deleteFile(filePath); + if(!delTempFile) { + resultMap.put("certFilePath", filePath); + }else { + logger.info("delete file" + filePath); + FileUtils.deleteFile(filePath); + } } return true; } 
@@ -746,7 +757,222 @@ public class PxyObjKeyringController extends BaseController { LogUtils.saveLog(request, null, e, null); } } + + try { + if (validFlag) { + validFlag = true; + if (crlFileI != null) { + // 获取issuer + if (certInfoMap != null && certInfoMap.size() > 0) { + String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? "" + : certInfoMap.get("crl issuer").toString();// 颁发者 + if (cfg != null) { + if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) { + logger.error("cert 和 crl的issuser不符合"); + throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error")); + } else { + cfg.setIssuer(issuer); + } + + } + } else { + logger.error("crl的issuser为空"); + throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null")); + } + } + } + } catch (Exception e) { + validFlag = false; + logger.error("crl issuer比对失败", e); + if (e instanceof MultiPartNewException) { + addMessage(redirectAttributes, "error", e.getMessage()); + LogUtils.saveLog(request, null, e, null); + } else { + addMessage(redirectAttributes, "error", "save_failed"); + LogUtils.saveLog(request, null, e, null); + } + } + try { + if (validFlag) { + if (crlFileI != null) { + String filename = crlFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, suffix); + crlFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", suffix); + srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 + srcMap.put("createTime", new Date()); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); + ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); + logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result)); + String crlFileAccessUrl = null; + if 
(!StringUtil.isEmpty(result)) { + ResponseData data = result.getData(); + crlFileAccessUrl = data.getAccessUrl(); + cfg.setCrlFile(crlFileAccessUrl); + } + } + pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg); + + addMessage(redirectAttributes, "success", "save_success"); + } + + } catch (Exception e) { + logger.error("crl上传失败", e); + if (e instanceof MaatConvertException) { + addMessage(redirectAttributes, "error", "request_service_failed"); + LogUtils.saveLog(request, null, e, null); + } else if (e instanceof MultiPartNewException) { + addMessage(redirectAttributes, "error", e.getMessage()); + LogUtils.saveLog(request, null, e, null); + } else { + addMessage(redirectAttributes, "error", "save_failed"); + LogUtils.saveLog(request, null, e, null); + } + } + + return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId(); + } + @RequestMapping(value = { "/addBuiltInCert" }) + public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response, + @ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI, + RedirectAttributes redirectAttributes) { + boolean validFlag = true; + try { + if(crlFileI != null) { + //校验证书格式 + boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert"); + if (!certFileflag) { + addMessage(redirectAttributes, "error", "save_failed"); + logger.error(crlFileI.getOriginalFilename() + " file non crl file format "); + throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error")); + } + } + } catch (Exception e) { + validFlag = false; + logger.error("证书文件校验失败", e); + if (e instanceof MaatConvertException) { + addMessage(redirectAttributes, "error", "request_service_failed"); + LogUtils.saveLog(request, null, e, null); + } else if (e instanceof MultiPartNewException) { + addMessage(redirectAttributes, "error", e.getMessage()); + LogUtils.saveLog(request, null, e, null); + } else { + addMessage(redirectAttributes, "error", 
"save_failed"); + LogUtils.saveLog(request, null, e, null); + } + } + + //2、调用脚本生成pem文件 + //./cacert.sh tls-ca-bundle.pem /home/ddm/cacert + String certFilePath=""; + String resultDirPath=""; + try { + if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) { + certFilePath=certInfoMap.get("cacert").toString(); + + String cacert = Thread.currentThread().getContextClassLoader() + .getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath(); + this.execShell("", "chmod", "+x", cacert); + logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert); + + String resultDir = Thread.currentThread().getContextClassLoader() + .getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath(); + this.execShell(cacert, certFilePath,resultDir); + logger.info("内置证书文件生成:"+cacert + " " + certFilePath+" "+resultDir); + } + //删除临时文件 + if(!StringUtil.isEmpty(certFilePath)) { + logger.info("delete file" + certFilePath); + FileUtils.deleteFile(certFilePath); + } + } catch (Exception e) { + validFlag = false; + logger.error("可信证书列表解析失败", e); + addMessage(redirectAttributes, "error", "save_failed"); + LogUtils.saveLog(request, null, e, null); + } + + //文件上传minio-入库-下发 + if(validFlag && !StringUtil.isEmpty(resultDirPath)) { + File fileDir=new File(resultDirPath); + if(!StringUtil.isEmpty(fileDir.listFiles())) { + for (File file : fileDir.listFiles()) { + try { + String filename = crlFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, suffix); + crlFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", suffix); + srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 + srcMap.put("createTime", new Date()); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + 
srcMap.put("checksum", md5); + ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); + logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result)); + String crlFileAccessUrl = null; + if (!StringUtil.isEmpty(result)) { + ResponseData data = result.getData(); + crlFileAccessUrl = data.getAccessUrl(); + cfg.setCrlFile(crlFileAccessUrl); + } + /*pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);*/ + } catch (Exception e) { + validFlag = false; + logger.error("证书文件校验失败", e); + if (e instanceof MaatConvertException) { + addMessage(redirectAttributes, "error", "request_service_failed"); + LogUtils.saveLog(request, null, e, null); + }else { + addMessage(redirectAttributes, "error", "save_failed"); + LogUtils.saveLog(request, null, e, null); + } + } + } + } + + } + + + //3、返回文件成功个数。 + + + /*File file = null; + boolean validFlag = true; + try { + if (crlFileI != null) { + boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl"); + if (!certFileflag) { + addMessage(redirectAttributes, "error", "save_failed"); + logger.error(crlFileI.getOriginalFilename() + " file non crl file format "); + throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error")); + } + } + } catch (Exception e) { + validFlag = false; + logger.error("证书文件校验失败", e); + if (e instanceof MaatConvertException) { + addMessage(redirectAttributes, "error", "request_service_failed"); + LogUtils.saveLog(request, null, e, null); + } else if (e instanceof MultiPartNewException) { + addMessage(redirectAttributes, "error", e.getMessage()); + LogUtils.saveLog(request, null, e, null); + } else { + addMessage(redirectAttributes, "error", "save_failed"); + LogUtils.saveLog(request, null, e, null); + } + } + try { if (validFlag) { validFlag = true; 
@@ -824,7 +1050,7 @@ public class PxyObjKeyringController extends BaseController { LogUtils.saveLog(request, null, e, null); } } - +*/ return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId(); } diff --git a/src/main/resources/sql/20190604/proxy_built-in.json b/src/main/resources/sql/20190604/proxy_built-in.json index f87b3db1a..d55492d67 100644 --- a/src/main/resources/sql/20190604/proxy_built-in.json +++ b/src/main/resources/sql/20190604/proxy_built-in.json @@ -1,5 +1,6 @@ { "version": "1.0", + "tip": "idҪȡ", "operator": "ceiec", "opTime": "2019-06-04 15:09:04", "opAction": 1, diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp new file mode 100644 index 000000000..a5dc09180 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp @@ -0,0 +1,144 @@ +<%@ page contentType="text/html;charset=UTF-8"%> +<%@ include file="/WEB-INF/include/taglib.jsp"%> +< + \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/trustedCertList.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/trustedCertList.jsp index 402bd5bda..f72fc441a 100644 --- a/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/trustedCertList.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/trustedCertList.jsp @@ -532,6 +532,7 @@ -<%@include file="/WEB-INF/views/cfg/intercept/strateagy/crlForm.jsp" %> +<%@include file="/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp" %> +<%-- <%@include file="/WEB-INF/views/cfg/intercept/strateagy/crlForm.jsp" %> --%> \ No newline at end of file
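Review bot: In trustedCertBuiltIn, `resultDirPath` is initialised to `""` and never assigned — the script's output directory lives only in the local `resultDir` — so `if(validFlag && !StringUtil.isEmpty(resultDirPath))` is always false and the generated certificates are never uploaded or persisted; add `resultDirPath = resultDir;` after the second execShell call. Inside that loop the loop variable is immediately overwritten by `file = File.createTempFile(...)` and `crlFileI.transferTo(file)` copies the uploaded bundle again, so even once reachable it would post the original upload once per generated file instead of each generated file; drop those two lines and take `filename` from `file.getName()`. `trustedCrlsaveOrUpdate(cfg)` is commented out and the remainder of the old handler is wrapped in `/* … */`, which is dead code that should be deleted rather than kept. The script and its output directory are resolved with `getResource(...)` inside the deployed webapp and taken via `getPath()` (which keeps URL percent-encoding), and the leading `File.separator` in the resource name may make `getResource` return null under the classloader in use — confirm this against the existing x509Shell lookup and prefer an output directory outside the deployment. The first part of the hunk belongs to a method that starts before it.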
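Review bot: The added `"tip"` value `idҪȡ` reads as mis-encoded text rather than the intended string; it looks like a non-ASCII note that was saved or committed in the wrong charset. Re-save the file as UTF-8 so the value is readable, or drop the key if it is only an author note, since consumers of this seed file may surface it.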
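Review bot: The include of crlForm.jsp is replaced by certForm.jsp and kept only as a `<%-- … --%>` comment; if the CRL upload form is still meant to be on this page, include both, otherwise delete the commented line instead of leaving it. The controller hunk in this commit still keeps the CRL handler that form submitted to, so confirm which behaviour is intended.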