Exchanging signer certificates

To establish trust relationships, we can exchange signer certificates between keystores. When we exchange signer certificates, we are extracting a personal certificate from one keystore and adding it to another keystore as a signer certificate.

To exchange signer certificates, there must be two keystores.

Tasks

1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates.

2. Select two keystores from the list of keystores.

3. Click Exchange signers.

4. Select any of the certificates in the first personal certificates list, and click Add. After adding, the signer part of the selected personal certificate appears in the other (second) keystore signers list.

5. Select any of the certificates in the second personal certificates list, and click Add. After adding, the signer part of the selected personal certificate appears in the other (first) keystore signers list.

6. Optional: If we need to remove any of the certificates from either of the signers lists, highlight one or more of the certificates, and click Remove.

7. Click Apply and Save.

The signer certificate appears in the list for each keystore.

What to do next

The extracted signer certificate is available to both keystores during the connection handshake.

Subtopics

• Keystores and certificates exchange signers
  Use this page to extract the signer part of a personal certificate from one keystore and add it to another keystore as a signer certificate. Signer certificates can also be listed, and they will be added to the other keystore as well.

Related:

Keystore configurations for SSL

Add a signer certificate to a keystore