InfoCenter Home >
5: Securing applications -- special topics >
5.5: Tools for managing keys >
5.5.6: Tools for managing certificates and keys >
5.5.6.2: The IBM Key Management tool >
5.5.6.2.3: Placing a signed digital certificate intoa keyring

5.5.6.2.3: Placing a signed digital certificate into a keyring

When a certificate authority issues you a signed certificate for a server, you need to place that certificate in that server's keyring. The certificate is used by the server to authenticate its identity and to distribute its public key. This file describes how to place a new certificate (either a test or a production certificate) into a keyring using the iKeyman tool.

To place a signed certificate into a server's keyring, complete the following steps:

  1. When you receive e-mail from the CA containing your certificate, save the message into a file. In this example, the certificate was saved to a file called PolicyServer1.responseMail.arm.
  2. Start the IBM Key Management tool. See article 5.5.6.2, The IBM Key Management tool, for instructions. This displays the IBM Key Management window.
  3. Open a destination key database file by selecting Key Database File --> Open from the menu bar.
  4. Enter the name and location of the keyring file at the prompt and click Open. The password prompt dialog box is displayed.
  5. Enter the keyring's password and click OK to continue. The IKeyman window is displayed. The title bar shows the name of the key database file you selected, indicating that the file is open.
  6. Click on the certificate types pull-down list beneath Key Database Context, and select Personal Certificates (the default).
  7. Click the Receive button. The Receive Certificate from a File dialog window is displayed.
  8. Click Data Type and select the data type of the signed digital certificate. Emailed certificates are generally Base64-encoded ASCII.
  9. Enter the name of the file containing the saved e-mail. You can also use the Browse button to find and select the file.
  10. Click the OK button to continue to add the certificate in the file to the previously selected keyring. The Enter a Label dialog box is displayed.
  11. Type a label for the new signed digital certificate and click OK. The IBM Key Management window is displayed. The Personal Certificates field shows the label of the signed digital certificate you just added.

At this point, the server's keyring contains both its private key (which was generated as part of requesting the certificate) and the certificate.

Go to previous article: iKeyman: Certification requests Go to next article: Making keyrings accessible

 

 
Go to previous article: iKeyman: Certification requests Go to next article: Making keyrings accessible