Extracting a certificate from a CORBA C++ client key database file

Before you begin

The key database file must already exist and contain the certificate to be extracted.

Why and when to perform this task

Use this procedure to extract a certificate (which includes its public key) from the (source) key database file to be added as a signer certificate in the (target) key database file.

This procedure forms the first stage of copying a certificate from one key database file to another. If the target key database file already contains the signer certificate of the certificate authority used to sign the certificate that is to be copied, you do not need to add the certificate to the target key database file. In general, you need to complete this procedure only for a self-signed certificate to support SSL between a client and a server, as in the following cases:

To extract a certificate from a key database file (into a temporary file), complete the following steps:

Steps for this task

  1. Start the IBM Key Management tool as described in Starting the IBM Key Management tool.
  2. Open the key database file (filename.kdb) for the server or client for which you want to request a CA-signed certificate. To open the key database file, either click Open a key database file or select Key Database File > Open from the menu bar. Type the name and location of the key database file at the prompt.
  3. Click OK. This opens the Password Prompt window.
  4. Type the password used to create the key database file.
  5. Click OK.
  6. The title bar of the IBM Key Management window shows the name of the key database file that you selected and indicates that the key database file is open and ready.
  7. Beneath Key Database Context, select Personal Certificates (the default) from the Certificate types menu. To copy a signer certificate from the key database file, click Signer.
  8. Select the certificate you want to extract.
  9. Click Extract certificate. (If you selected Signer, click Extract.) The Extract a Certificate to a File window is displayed. Proceed with the remaining steps.
  10. Click Data type and select a data type, such as Base64-encoded ASCII data (the default). The data type needs to match the data type of the certificate stored in the certificate file. The IBM Key Management tool supports Base64-encoded ASCII files and binary DER-encoded certificates.
  11. Type the certificate file name and location where you want to store the certificate, or click Browse to select the name and location.
  12. Click OK. The certificate is written to the specified file and the IBM Key Management is displayed.

What to do next

Continue with the next step in the overview procedure article, Enabling SSL security between a CORBA C++ client and an EJB server.

Related tasks
Enabling SSL certificate security between a CORBA C++ client and an EJB server
Starting the IBM Key Management tool



Searchable topic ID:   tcor_ssl13
Last updated: Jun 21, 2007 8:07:48 PM CDT    WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/corba/tasks/tcor_ssl13.html

Library | Support | Terms of Use | Feedback