5.5.6.2.3: Placing a signed digital certificate into a keyring
When a certificate authority issues you a signed certificate for a
server, you need to place that certificate in that server's keyring.
The certificate is used by the server to authenticate its identity and
to distribute its public key. This file describes how to place a new
certificate (either a test or a production certificate) into a keyring
using the iKeyman tool.
To place a signed certificate into a server's keyring, complete the
following steps:
- When you receive e-mail from the CA containing your certificate,
save the message into a file. In this example, the certificate
was saved to a file called PolicyServer1.responseMail.arm.
- Start the IBM Key Management tool with the following command. This
displays the IBM Key Management window.
    java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
- Open a destination key database file by selecting Key Database File
--> Open from the menu bar.
- Enter the name and location of the keyring file at the prompt.
- Click the OK button to continue.
- Click on the certificate types pull-down list beneath Key Database
Context, and select Personal Certificates (the default).
- Click the Receive... button.
- The Receive Certificate from a File dialog window is displayed.
Enter the name of the file containing the saved e-mail.
You can also use the Browse... button to find and select the file.
- Click the OK button to continue to add the certificate in the
file to the previously selected keyring.
- Optionally, to verify that the certificate has been added, click the
View/Edit... button in the main window.
At this point, the server's keyring contains both its private key
(which was generated as part of requesting the certificate) and the
certificate.
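
A pre-import check for the message saved in the first step, added here as an example that is not part of the original IBM documentation: it confirms the file holds exactly one complete Base64-armored certificate and returns its SHA-256 fingerprint for comparison with the value the CA reports. It assumes the CA's mail uses BEGIN CERTIFICATE / END CERTIFICATE armor lines; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_length_ok(der):
    """True if the outer DER SEQUENCE header accounts for every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: next n bytes hold length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)

def fingerprint_for_import(mail_text):
    """Return the SHA-256 fingerprint of the single certificate in the mail."""
    blocks = PEM_RE.findall(mail_text)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    # Strip CR/LF and indentation the mail client may have added.
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der_length_ok(der):
        raise ValueError("certificate block is truncated or not DER")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def make_sample_mail(der):
    """Wrap DER bytes in a constructed CA reply (headers, CRLF, signature)."""
    b64 = base64.encodebytes(der).decode().replace("\n", "\r\n")
    return ("From: ca@example.test\r\nSubject: Your certificate\r\n\r\n"
            "-----BEGIN CERTIFICATE-----\r\n" + b64 +
            "-----END CERTIFICATE-----\r\n-- \r\nExample CA\r\n")

# Constructed stand-in, not a real certificate: SEQUENCE header + 200 filler bytes.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))

if __name__ == "__main__":
    # In practice, read the saved file, e.g. PolicyServer1.responseMail.arm
    print(fingerprint_for_import(make_sample_mail(SAMPLE_DER)))
```

A ValueError here means the saved message should be re-saved or re-requested before using the Receive... button, since a truncated or duplicated block will not import cleanly.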