Requesting and storing certificates from Certificate Authorities

When you create a key database file, it is pre-configured with the CA signer (trusted root) certificates of well-known CAs required to identify the CA from whom the server certificate is issued. CAs whose signer certificates are not predefined in a key database file are referred to as unknown CAs. The following well-known CA signer certificates are automatically stored in a newly created key database file and marked as trusted root certificates.
  • Thawte Personal Premium CA
  • Thawte Personal Freemail CA
  • Thawte Personal Basic CA
  • Thawte Premium Server CA
  • Thawte Server CA
  • RSA secure server CA (also obtained from VeriSign)
  • VeriSign class 4 public primary CA
  • VeriSign class 3 public primary CA
  • VeriSign class 2 public primary CA
The following sections provide an overview of the steps used to request and store certificates from well-known and unknown CAs:
  • Creating the certificate request
  • Sending the certificate request
  • Storing the certificate