InfoCenter Home >
5: Securing applications -- special topics >
5.5: Certificate-based authentication >
5.5.6: Tools for managing certificates and keys >
5.5.6.2: The IBM Key Management tool >
5.5.6.2.3: Placing a signed digital certificate intoa keyring

5.5.6.2.3: Placing a signed digital certificate into a keyring

When a certificate authority issues you a signed certificate for a server, you need to place that certificate in that server's keyring. The certificate is used by the server to authenticate its identity and to distribute its public key. This file describes how to place a new certificate (either a test or a production certificate) into a keyring using the iKeyman tool.

To place a signed certificate into a server's keyring, complete the following steps:

  1. When you receive e-mail from the CA containing your certificate, save the message into a file. In this example, the certificate was saved to a file called PolicyServer1.responseMail.arm.
  2. Start the IBM Key Management tool. This displays the IBM Key Management window.
    java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
    

  3. Open a destination key database file by selecting Key Database File --> Open from the menu bar.
  4. Enter the name and location of the keyring file at the prompt.
  5. Click the OK button to continue.
  6. Click on the certificate types pull-down list beneath Key Database Context, and select Personal Certificates (the default).
  7. Click the Receive... button.
  8. The Receive Certificate from a File dialog window is displayed. Enter the name of the file containing the saved e-mail. You can also use the Browse... button to find and select the file.
  9. Click the OK button to continue to add the certificate in the file to the previously selected keyring.
  10. Optionally, to verify that the certificate has been added, click the View/Edit... button in the main window.

At this point, the server's keyring contains both its private key (which was generated as part of requesting the certificate) and the certificate.

Go to previous article: iKeyman: Certification requests Go to next article: Using the CA certificate

 

 
Go to previous article: iKeyman: Certification requests Go to next article: Using the CA certificate