Check In CA Certificates from the User Interface

You can check in a CA certificate from the User Interface under the Administration menu.

About this task

Based on security policies at your site, CA certificates in the JKS keystore can also be checked in through the console.

Before you begin, save any CA certificates that you have obtained externally to a local file.

To check in a CA certificate:

Procedure

  1. Choose one:
    • If you use Sterling B2B Integrator, from the Administration Menu, select Trading Partner > Digital Certificates > CA.
    • If you use the AS2 Edition, from the AS2 Administration menu, select Certificates.
  2. Next to Check in New Certificate, click Go!
  3. Select a method to import certificates:

    Import method: Import from JVM – Imports from the JKS keystore

    Next steps:
      1. Click Import from JVM.
      2. Accept the default password that appears in the password field and click Next.

      The default keystore password is supplied by Sun Microsystems. If the password field is empty, the system still uses the default password.

    Import method: Import from File – Imports certificates saved as a file on a local drive

    Next steps:
      1. Click Import from File.
      2. Enter the Filename or click Browse to select a CA certificate file. Click Next.

      You may ignore the password that appears in the password field. There is no need to erase the entry.

    Available certificates are listed with a summary of identifying information. All certificates are selected by default.

  4. Click the check boxes to the left of each entry to select or de-select certificates to import.
  5. For each certificate selected, accept the suggested Certificate Name or edit it based on your file naming conventions.
  6. Select the Validate When Used option and click Next. Validation options are:
    • Validity – Verifies that the dates in the validity period of the certificate are still in effect. If the dates are not in effect, the certificate is not used.
    • Auth Chain – Attempts to construct a chain of trust up to the root for certificates that are not self-signed. If a chain of trust cannot be constructed using valid certificates, the certificate is not used. If the certificate is self-signed, this option verifies only the certificate signature.
  7. If you receive a message stating that the certificate duplicates a certificate already in the database, enter Y or N to indicate whether to import the duplicate.

    This check is done on single certificates only. It does not take place when checking in one or more certificates from a file.

    Certificates are identified by SHA1 hash for purposes of determining duplicates. More than one copy of a certificate can be present in the database, since each will populate a different row and have a distinct object ID. The existing certificate is not overwritten.

  8. Review the CA certificate information.
  9. Click Finish.
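
Added example (not part of the product documentation): because the duplicate check in step 7 does not take place when certificates are checked in from a file, this Python script lists repeated entries in a PEM file before import. It assumes the SHA1 hash is computed over each certificate's DER encoding and that you supply the fingerprints already in the database yourself; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_certificates(text):
    """Return the DER bytes of every CERTIFICATE block in a PEM file."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(text)]

def sha1_fingerprint(der):
    """SHA-1 over the DER bytes (assumed to be the hash the duplicate check uses)."""
    return hashlib.sha1(der, usedforsecurity=False).hexdigest().upper()

def normalize(fingerprint):
    """Accept 'AB:CD:...' or 'abcd...' and return bare upper-case hex."""
    return fingerprint.replace(":", "").replace(" ", "").upper()

def find_duplicates(pem_text, known_fingerprints=()):
    """List (position, fingerprint, reason) for entries already known or repeated."""
    known = {normalize(f) for f in known_fingerprints}
    first_seen = {}
    findings = []
    for pos, der in enumerate(pem_certificates(pem_text), start=1):
        fp = sha1_fingerprint(der)
        if fp in known:
            findings.append((pos, fp, "already checked in"))
        elif fp in first_seen:
            findings.append((pos, fp, f"repeats entry {first_seen[fp]}"))
        first_seen.setdefault(fp, pos)
    return findings

def fake_pem(der):
    """Wrap constructed placeholder bytes (not a real certificate) as a PEM block."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample file: entry 3 repeats entry 1, entry 2 is already in the database.
CA_ONE, CA_TWO = b"constructed CA one", b"constructed CA two"
SAMPLE_FILE = fake_pem(CA_ONE) + fake_pem(CA_TWO) + fake_pem(CA_ONE)
KNOWN = [":".join(re.findall("..", sha1_fingerprint(CA_TWO)))]

if __name__ == "__main__":
    for pos, fp, reason in find_duplicates(SAMPLE_FILE, KNOWN):
        print(f"entry {pos}: {fp} {reason}")
```

Entries the script reports can be de-selected in step 4 before the import completes.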