Importing a certificate
Review this information to learn how you can use Digital Certificate Manager (DCM) to import certificates that are located in files on your server. You can also import a certificate from another server instead of recreating the certificate on the current server. For example, on System A you used the local CA to create a certificate for your retail web application to use to initiate SSL connections. Your business has grown recently and you have installed a new System i™ model (System B) to host more instances of this very busy retail application. You want all instances of the retail application to use an identical certificate to identify them and initiate SSL connections. Consequently, you might decide to import both the local CA certificate and the server certificate from System A to System B rather than to use the local CA on System A to create a new, different certificate for System B to use.
Follow these steps to use DCM to import a certificate:
- In the left-hand navigation pane, click Select a Certificate Store and select the certificate store that you want to import the certificate into. The certificate store that you import the certificate into must contain certificates that are the same type as the certificate that you exported on the other system. For example, if you are importing a server certificate (type) then import it into a certificate store that contains server certificates such as *SYSTEM or an Other System Certificate Store.
- In the navigation frame, select Manage Certificates.
- In the navigation frame, select Import certificate.
- Select the type of certificate that you want to import and click Continue. The type of certificate that you are importing needs to be the same type of certificate that you exported. For example, if you exported a server certificate select to import a server certificate.
When DCM exports a certificate in pkcs12 format, the issuing CA is included in the exported certificate chain and is therefore imported automatically when the certificate itself is imported into the certificate store by DCM. However, if the certificate is not exported in pkcs12 format and you do not have the CA certificate in the certificate store to which you are importing, you need to import the issuing CA certificate before you can import the certificate.
- Complete the guided task to import the certificate. When you import the certificate make sure that you specify the correct absolute path where the certificate is stored on the server.
Parent topic:
Configuring DCM