InfoCenter Home >
5: Securing applications -- special topics >
5.5: Certificate-based authentication >
5.5.6: Tools for managing certificates and keys >
5.5.6.2: The IBM Key Management tool >
5.5.6.2.3: Placing a signed digital certificate intoa key store file

5.5.6.2.3: Placing a signed digital certificate into a key store file

When a certificate authority issues you a signed certificate for a server, you need to place that certificate in that server's key store file. The certificate is used by the server to authenticate its identity and to distribute its public key. This article describes how to place a new certificate (either a test or a production certificate) into a key store file using the iKeyman tool.

To place a signed certificate into a server's key store file, complete the following steps:

  1. When you receive e-mail from the CA containing your certificate, save the message into a file. In this example, the certificate was saved to a file called PolicyServer1.responseMail.arm.
  2. Start the IBM Key Management tool. See article 5.5.6.2, The IBM Key Management tool, for instructions. This displays the IBM Key Management window.
  3. Open a destination key database file by selecting Key Database File --> Open from the menu bar.
  4. Enter the name and location of the key store file at the prompt and click Open. The password prompt dialog box is displayed.
  5. Enter the key store file's password and click OK to continue. The IKeyman window is displayed. The title bar shows the name of the key database file you selected, indicating that the file is open.
  6. Click on the certificate types pull-down list beneath Key Database Context, and select Personal Certificates (the default).
  7. Click the Receive button. The Receive Certificate from a File dialog window is displayed.
  8. Click Data Type and select the data type of the signed digital certificate. Emailed certificates are generally Base64-encoded ASCII.
  9. Enter the name of the file containing the saved e-mail. You can also use the Browse button to find and select the file.
  10. Click the OK button to continue to add the certificate in the file to the previously selected key store file. The Enter a Label dialog box is displayed.
  11. Type a label for the new signed digital certificate and click OK. The IBM Key Management window is displayed. The Personal Certificates field shows the label of the signed digital certificate you just added.

At this point, the server's key store file contains both its private key (which was generated as part of requesting the certificate) and the certificate.

Go to previous article: iKeyman: Certification requests Go to next article: Making key store and trust store files accessible

 

 
Go to previous article: iKeyman: Certification requests Go to next article: Making key store and trust store files accessible