Storing the certificate

If you receive the applied-for certificate from an unknown CA, contact the CA to obtain the CA's signer (root) certificate. You must store the unknown CA's signer certificate in the key database file before you store the applied-for certificate. The CA signer certificate is used to validate the applied-for certificate.

To store the unknown CA's signer certificate, make a backup copy of the unknown CA's signer certificate, then perform the following steps:
  1. On the IBM® Key Management window, under Key database content, select Signer Certificates from the drop-down list.
  2. Click Add.
  3. Select data type of BASE64 encoded ASCII data (armored 64 format).
  4. Enter the certificate file name.
  5. Enter the location, or path, of the certificate.
  6. Click OK. The file is marked as "trusted" and is stored.
To store the applied-for certificate received from either a well-known or unknown CA, make a backup copy of the certificate, then perform the following steps:
  1. Choose Personal Certificates from the drop-down list then click Receive to receive the certificate request. The Receive Certificate from a File window appears.
  2. The data type must be BASE64-encoded ASCII data (armored 64 format).
  3. Enter the certificate file name.
  4. Enter the location (path name) of the certificate.
  5. Click OK. The certificate you just stored is displayed as the first item.
  6. If you want to view the key information, highlight the certificate and click View/Edit.
  7. The certificate name should appear under the Personal Certificate drop-down list and the certificate request should disappear from under the Personal Certificate Requests drop-down list.
  8. Copy the key database file to the Enterprise Archive (.ear file) for deployment. If the Enterprise Archive is running, stop and restart it.