5.5.6.2.3: Placing a signed digital certificate into a key store file
When a certificate authority issues you a signed certificate for a
server, you need to place that certificate in that server's key store file.
The certificate is used by the server to authenticate its identity
and to distribute its public key. This article describes how
to place a new certificate (either a test or a production certificate)
into a key store file using the iKeyman tool.
To place a signed certificate into a server's key store file, complete the
following steps:
- When you receive e-mail from the CA containing your certificate,
save the message into a file. In this example, the certificate
was saved to a file called PolicyServer1.responseMail.arm.
- Start the IBM Key Management tool. See article 5.5.6.2, The IBM Key Management tool,
for instructions. This displays the IBM
Key Management window.
- Open a destination key database file by selecting Key Database File
--> Open from the menu bar.
- Enter the name and location of the key store file at the prompt and click Open. The password prompt dialog box is displayed.
- Enter the key store file's password and click OK to continue. The iKeyman window is displayed. The title bar shows the name of the key database file you selected, indicating that the file is open.
- Click on the certificate types pull-down list beneath Key Database
Context, and select Personal Certificates (the default).
- Click the Receive button. The Receive Certificate from a File dialog window is displayed.
- Click Data Type and select the data type of the signed
digital certificate. Emailed certificates are generally
Base64-encoded ASCII.
- Enter the name of the file containing the saved e-mail.
You can also use the Browse button to find and select the file.
- Click the OK button to continue to add the certificate in the
file to the previously selected key store file. The Enter a Label
dialog box is displayed.
- Type a label for the new signed digital certificate and click
OK. The IBM Key Management window is displayed. The Personal
Certificates field shows the label of the signed digital certificate
you just added.
At this point, the server's key store file contains both its private key
(which was generated as part of requesting the certificate) and the
certificate.