InfoCenter Home >
5: Securing applications -- special topics >
5.5: Tools for managing keys >
5.5.6: Tools for managing certificates and keys >
5.5.6.2: The IBM Key Management tool >
5.5.6.2.3: Placing a signed digital certificate intoa keyring
When a certificate authority issues you a signed certificate for a
server, you need to place that certificate in that server's keyring.
The certificate is used by the server to authenticate its identity
and to distribute its public key. This file describes how
to place a new certificate (either a test or a production certificate)
into a keyring using the iKeyman tool.
To place a signed certificate into a server's keyring, complete the
following steps:
- When you receive e-mail from the CA containing your certificate,
save the message into a file. In this example, the certificate
was saved to a file called PolicyServer1.responseMail.arm.
- Start the IBM Key Management tool. See article 5.5.6.2, The IBM Key Management tool,
for instructions. This displays the IBM
Key Management window.
- Open a destination key database file by selecting Key Database File
--> Open from the menu bar.
- Enter the name and location of the keyring file at the prompt and click Open. The password prompt dialog box is displayed.
- Enter the keyring's password and click OK to continue. The IKeyman window is displayed. The title bar shows the name of the key database file you selected, indicating that the file is open.
- Click on the certificate types pull-down list beneath Key Database
Context, and select Personal Certificates (the default).
- Click the Receive button. The Receive Certificate from a File dialog window is displayed.
- Click Data Type and select the data type of the signed
digital certificate. Emailed certificates are generally
Base64-encoded ASCII.
- Enter the name of the file containing the saved e-mail.
You can also use the Browse button to find and select the file.
- Click the OK button to continue to add the certificate in the
file to the previously selected keyring. The Enter a Label
dialog box is displayed.
- Type a label for the new signed digital certificate and click
OK. The IBM Key Management window is displayed. The Personal
Certificates field shows the label of the signed digital certificate
you just added.
At this point, the server's keyring contains both its private key
(which was generated as part of requesting the certificate) and the
certificate.
|
|