Why and when to perform this task
Use this procedure to extract a certificate (which includes its
public key) from the source key database file so that it can be added as a signer
certificate to the target key database file.
This procedure forms the first
stage of copying a certificate from one key database file to another. If the
target key database file already contains the signer certificate of the certificate
authority used to sign the certificate that is to be copied, you do not need
to add the certificate to the target key database file. In general, you need
to complete this procedure only for a self-signed certificate to support SSL
between a client and a server, as in the following cases:
- For a CORBA C++ client, if the client and target server are configured
to enable SSL client certificate association.
- The C++ client is to use the client certificate to create secure connections
with the server.
Note:
- Extracting a certificate from one key database file and adding it to another
key database file is not the same as exporting the certificate and then importing
it. Exporting a certificate copies all of the certificate information, including
its private key, and is normally only used if you want to copy a personal
certificate into another key database file as a personal certificate.
- If a certificate is self-signed, you need to extract the certificate (which
includes its public key) and add it into the target key database file.
- If a certificate is CA-signed, verify that the CA certificate used to
sign the certificate is listed as a signer certificate in the target key database
file. For example, to check that the CA certificate for a server certificate
is in a client key database file, complete the following steps:
  - Write down the label names of the CA certificates from the client key
    database's signer certificates.
  - Verify the client's signer certificates against the list of signer certificates
    in the server key database file.
  - If the CA certificate used to sign the client certificate is not listed
    in the server key database file, you can use this procedure to extract the
    CA certificate from the client key database file and add it to the server
    key database file.
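
The decision rules in the Note above, as an added example that is not part of the original page or of IBM's tooling. It assumes the certificate and the target's signer certificates have been written out as PEM files, uses the openssl command in place of the key management tool, and runs on constructed throwaway certificates; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not IBM code. PEM files stand in for key database entries
# (assumption); function names are hypothetical.

# signer_action CERT TARGET_SIGNERS
#   CERT            extracted certificate (public part only)
#   TARGET_SIGNERS  PEM bundle of the target's signer certificates
signer_action() {
    # -trusted makes the named file the only source of trust anchors, so the
    # system CA store cannot hide a signer that the target is missing.
    if openssl verify -trusted "$2" "$1" >/dev/null 2>&1; then
        echo "nothing-to-add"        # target already trusts the signer
    elif openssl verify -trusted "$1" "$1" >/dev/null 2>&1; then
        echo "add-extracted-cert"    # self-signed: add the certificate itself
    else
        echo "add-ca-cert"           # CA-signed: the CA certificate is missing
    fi
}

# True if a PEM file holds a private key, i.e. it is an export, not an extract.
has_private_key() { grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; }

# make_samples DIR: constructed throwaway certificates, valid for one day.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=self.example" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_samples "$demo" || exit 1
echo "CA-signed, CA in target:      $(signer_action "$demo/leaf.pem" "$demo/ca.pem")"
echo "CA-signed, CA not in target:  $(signer_action "$demo/leaf.pem" "$demo/self.pem")"
echo "self-signed, not in target:   $(signer_action "$demo/self.pem" "$demo/ca.pem")"
has_private_key "$demo/leaf.pem" || echo "leaf.pem carries no private key"
rm -rf "$demo"
```
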
To extract a certificate from a key database file (into a temporary
file), complete the following steps: