This section describes how to view trusted certificate authorities
and display default keys within a key database.
About this task
A trusted certificate authority (CA) issues and manages public keys
for data encryption. A key database is used to share public keys that are
used for secure connections. The tasks that follow show how to view the certificate
authorities that are in your database, along with their expiration dates.
Procedure
- Display the default key entry as follows:
- Start the IKEYMAN
user interface.
- Click Key Database File from the main UI, then click Open.
- Enter your key database name in the Open dialog box, or click
the key.kdbfile, if using the default. Click OK.
- Enter your password in the Password Prompt dialog box, then
click OK.
- Click Personal Certificates in the Key Database content
frame, and click the CA certificate label name.
- Click View/Edit and view the certificate default key
information in the Key Information window.
- Display a list of trusted certificate authorities (CAs) in a key
database as follows:
- Start the IKEYMAN
user interface.
- Click Key Database File from the main UI, then click Open.
- Enter your key database name in the Open dialog box, or click key.kdb if
you are using the default.
- Enter your correct password in the Password prompt dialog box,
and click OK.
- Click Signer Certificates in the Key database content
frame.
- Click Signer Certificates, Personal Certificates,or Certificate
Requests, to view the list of CAs in the Key Information window.
What to do next
When the
<ihsinst>/java/jre/lib/ext/gskikm.jar file
has not been removed, the version of iKeyman that is provided by the bundled Java™ Runtime
Environment (JRE) does not add a default list of signer certificates to newly-created
key databases. Add default signer certificates in iKeyman, as follows:
- Select Signer Certificates from the drop-down menu in the iKeyman
window.
- Click the "Populate" on the right-hand side of the iKeyman window.
- Click the grey boxes next to the certificate authority names (Entrust,
RSA Data Security, Thawte, Verisign) so they display as checked.
- Click OK.